CVE-2023-39250
CVE-2023-39250 affects Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) prior to 6.1.1, and Replay Manager for VMware (RMSV) prior to 3.1.2. Root cause is an information disclosure vulnerability that could allow a local low-privileged attacker to re...
Cisco Nexus Operating System Address Resolution Protocol Denial of Service (CVE-2015-4323)
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.30ZN0.9...
Cisco NX-OS Internet Group Management Protocol Denial of Service (CVE-2015-4324)
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.30ZN0.81, Nexus 3000 devices 7.30ZN0.81, Nexus 4000 devices 4.12E11c, Nexus 7000 devices 7.20N10.1, and Nexus 9000 devices 7.30ZN0.81 allows remote attackers to cause a denial of service (IGMP process restart) via a malforme...
VMware DCERPC call request uninitialized memory heap overflow vulnerability
Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...
Migrating pooled licenses to new ADM server
In this document, you’ll discover how to migrate Citrix ADM (Application Delivery Management) on-premises to Citrix ADM service. Migrating to cloud resources modernizes your deployment, providing enhanced elasticity, scalability, and management. The guidance documented here is based on deployment i...
CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack...
Cross site scripting
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack...
CVE-2022-23239
CVE-2022-23239 affects NetApp Active IQ Unified Manager prior to 9.11P1. The Red Hat and NVD/NVD-derived entries describe a Stored Cross-Site Scripting (XSS) vulnerability exploitable by administrative users via the web interface, caused by insufficient protection of the page structure. Affected ...
PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere
Name of the Vulnerable Software and Affected Versions: SnapCenter Plugin for VMware vSphere versions 4.6 through 4.8 Description: The issue is related to insufficient access control in the SnapCenter Plugin for VMware vSphere, which may allow authenticated unprivileged users to modify email and...
SUSE CVE-2018-1000151
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default...
SUSE CVE-2018-1000152
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
SUSE CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
SUSE CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
SUSE CVE-2020-28972
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers in the vmware.py files does not always validate the SSL/TLS certificate...
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are bein...
CVE-2022-46996
vSphereselfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...