18 matches found
EUVD-2018-11857
Malware in sbrugna...
EUVD-2025-6523
Malicious code in bioql PyPI...
CVE-2025-41246
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...
SUSE CVE-2025-2241
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
GO-2025-3529 Openshift Hive Exposes VCenter Credentials via ClusterProvision in github.com/openshift/hive
Openshift Hive Exposes VCenter Credentials via ClusterProvision in github.com/openshift/hive...
Insecure Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information where vCenter credentials are stored in plaintext within the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract these...
GHSA-C339-MWFC-FMR2 Openshift Hive Exposes VCenter Credentials via ClusterProvision
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
Openshift Hive Exposes VCenter Credentials via ClusterProvision
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241
CVE-2025-2241 describes a vulnerability in Hive (MCE/ACM) where VCenter credentials are exposed in the ClusterProvision object after provisioning a vSphere cluster. Attackers with read access to ClusterProvision objects can extract credentials even without direct Kubernetes Secrets access, potent...
CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
Cohesity DataPlatform Man-in-the-Middle Vulnerability
Cohesity DataPlatform is a suite of platforms from Cohesity for managing ancillary data and applications. The platform is primarily used for data backup, instant recovery, etc. A security vulnerability exists in Cohesity DataPlatform version 5.x and version 6.x prior to 6.1.1c, which stems from t...
Cloud Foundry Container Runtime Information Disclosure Vulnerability
Cloud Foundry Container Runtime is a system from the US-based Cloud Foundry Foundation that provides a unified way to instantiate, deploy, and manage Kubernetes clusters. An information disclosure vulnerability exists in Cloud Foundry Container Runtime kubo-release prior to version 0.14.0, which...
CVE-2018-5761
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter...
CVE-2017-1378
IBM Spectrum Protect 7.1 and 8.1 formerly Tivoli Storage Manager disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875...
CVE-2017-4917
VMware vSphere Data Protection VDP 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...