EUVD-2024-39888

Malicious code in bioql PyPI...

Citrix Daas - CVAD - How to Migrate vCenter 7.x to 8.x Without Losing Citrix Configurations

This article provides a step-by-step guide on how to migrate vCenter 7.x to a new vCenter 8.x environment without losing Citrix configurations, ensuring a seamless transition and minimizing downtime, while maintaining the integrity of existing virtual infrastructure and Citrix settings...

CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42453

The CVE-2024-42453 entry concerns Veeam Backup & Replication where low-privileged users can manipulate configurations on connected virtual infrastructure hosts due to improper permission checks in management services. Affected behavior includes powering off virtual machines, deleting storage file...

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Access to sensitive data Access to system data Oracle...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a perpetrator to execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, arises due to a buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.3] (RHSA-2022:8502)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8502 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...

RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.0] (RHSA-2022:4711)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4711 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...

The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control to the /etc/vmware-vpx/vcdb.properties file, which contains plaintext credentials. Exploiting this vulnerability could all...

The vulnerability of the VAPI service, a management tool for virtual infrastructure, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the VAPI service, a management tool for virtual infrastructure such as VMware vCenter Server, is related to deficiencies in system security restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending...

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, relates to insecure management of privileges, allowing attackers to escalate their privileges.

The vulnerability of the management tool for virtual infrastructure, VMware vCenter Server, and the virtualization platform, VMware Cloud Foundation, is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to increase their privileges...

The vulnerability of the rhttpproxy service, a management tool for virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, allows attackers to circumvent existing security restrictions.

The vulnerability of the rhttpproxy service in the vmware vcenterserver software is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...

CVE-2021-27277

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

CVE-2021-27277

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

CVE-2021-27277

CVE-2021-27277 affects SolarWinds Orion Virtual Infrastructure Monitor 2020.2. The issue is a deserialization of untrusted data in the OneTimeJobSchedulerEventsService WCF endpoint due to insufficient validation, enabling local attackers who can run low-privilege code to escalate to SYSTEM and ex...

Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting Vulnerability

Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability. Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting =============================================================================== Identifiers...

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protecte...

The vulnerability of the implementation of backup and recovery operations for software that manages virtual infrastructure like VMware vCenter Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the implementation of backup and data restoration operations for software that manages virtual infrastructure like VMware vCenter Server Appliance is related to deficiencies in verifying the authenticity of certificates. Exploiting this vulnerability can allow an attacker,...