CVE-2017-4947

VMware vRealize Automation 7.3 and 7.2 and vSphere Integrated Containers 1.x before 1.3 contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance...

VMware vRealize Automation and vSphere Integrated Containers Remote Code Execution Vulnerability

VMware vRealize Automation vRA and vSphere Integrated Containers VIC are both products from VMware. vRealize Automation vRA is a suite of cloud automation software. The software supports automated delivery of personalized infrastructure, deployment across multi-vendor, hybrid cloud infrastructure...

PT-2018-1080 · Vmware · Vsphere Integrated Containers +2

Name of the Vulnerable Software and Affected Versions: VMware vRealize Automation versions 7.2 through 7.3 vSphere Integrated Containers versions 1.x before 1.3 Description: The issue is caused by a deserialization vulnerability via Xenon, which may allow remote attackers to execute arbitrary cod...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMwar...

VMSA-2018-0006:vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities

VMSA-2018-0006 vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis:...

Meltdown and Spectre Attacks | Cloud Foundry

Severity Advisory/Critical Description Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a maliciou...

VMSA-2018-0004 : VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue (Spectre)

New speculative-execution control mechanism for Virtual Machines Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System Guest OS can remediate the Branch Target...

VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

New speculative-execution control mechanism for Virtual Machines Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System Guest OS can remediate the Branch Target...

VMSA-2018-0004:VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue

VMSA-2018-0004.3 VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis:...

VMware vSphere Data Protection 5.x / 6.0.x < 6.0.7 / 6.1.x < 6.1.6 Multiple Vulnerabilities (VMSA-2018-0001

The version of VMware vSphere Data Protection installed on the remote host is 5.x or 6.0.x prior to 6.0.7, or it is 6.1.x prior to 6.1.6. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid105586; scriptversion"1.9"...

VMware vSphere Data Protection Arbitrary File Upload Vulnerability

VMware vSphere Data Protection is a backup and recovery solution. A security vulnerability exists in VMware vSphere Data Protection that allows remote attackers to exploit the vulnerability to submit a special request to upload arbitrary files to the server...

VMware vSphere Data Protection Directory Traversal Vulnerability

VMware vSphere Data Protection is a backup and recovery solution. A directory traversal security vulnerability exists in VMware vSphere Data Protection, which could be exploited by remote attackers to submit a special request to view the contents of system files...

Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA driver response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks tha...

VMware Issues 3 Critical Patches for vSphere Data Protection

VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The bugs address three vulnerabilities in VMware’s vSphere Data Protection VDP, a backup and recovery solution used with its...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere Data Protection. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0001 and apply the...

VMSA-2018-0001:vSphere Data Protection (VDP) updates address multiple security issues.

VMSA-2018-0001 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0001 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

Researchers at CyberArk Labs have created a post-intrusion attack technique known as a Golden SAML that could allow an attacker to fake enterprise user identities and forge authentication to gain access to valuable cloud resources in a federation environment. “Using this post-exploit technique,...

CVE-2017-4928

The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...

Server side request forgery (ssrf)

The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...

CVE-2017-4928

The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...