Lucene search
K

13053 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 7:26 a.m.3 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

7.5CVSS5.9AI score0.00702EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in open-vm-tools

open-vm-tools contains a file descriptor hijacking vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

7.4CVSS6.3AI score0.00402EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create the debugfs ttmresourcemanager entry only if needed The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresourcemanager is not allocated. This leads to a crash when trying to read...

5.5CVSS6.2AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in open-vm-tools

VMware Tools 12.0.0, 11.x.y, and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the guest OS can escalate privileges as a root user in the virtual machine...

7.8CVSS7.1AI score0.0054EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Fixed invalid reads in “fence signaled events”. The length of the dmrevent structure was correctly set to the actual size of the structure that is actually used. The length of the dmrevent was set to the parent...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fixed a memory leak in vmwgmridmangetnode When idaallocmax fails, resources allocated before should be freed, including those allocated by kmalloc and ttmresourceinit...

5.5CVSS5.8AI score0.00228EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths maintain a persistent map that is active for reading and comparing the cursor buffer. These maps can conflict with each other in simple scenarios where: a buffer “a...

4.7CVSS6.4AI score0.00209EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a malicious guest driver to allocate and initialize a large number of page tables, which can be used as a ring of descriptors for CQ and async events. This could potentially lead to out-of-bound...

6.3CVSS6.6AI score0.00309EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.69 views

Spring Cloud - Remote Code Execution

Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and...

9.8CVSS7.6AI score0.99939EPSS
Exploits36References6
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.86 views

Spring - Remote Code Execution

Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full...

9.8CVSS7.7AI score0.99677EPSS
Exploits100References6
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.10 views

Photon OS 4.0: Nginx PHSA-2026-4.0-1036

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.2CVSS6AI score0.61469EPSS
Exploits43References3
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.6 views

Photon OS 4.0: Bindutils PHSA-2026-4.0-1035

An update of the bindutils package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.47 views

VMware vSphere Client (HTML5) - Remote Code Execution

VMware vCenter vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Th...

10CVSS9.6AI score0.9957EPSS
Exploits47References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.199 views

VMware vSphere Client (HTML5) - Remote Code Execution

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10CVSS9.6AI score0.99999EPSS
Exploits13References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.30 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafte...

7.5CVSS6.8AI score0.95586EPSS
Exploits3References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.51 views

VMware View Planner <4.6 SP1- Remote Code Execution

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...

9.8CVSS9.3AI score0.98947EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.72 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS8.4AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.38 views

VMware Workspace ONE Access - Server-Side Template Injection

VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identit...

10CVSS9.4AI score0.99997EPSS
Exploits24References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.54 views

Spring Data Commons - Remote Code Execution

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS9AI score0.95649EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.64 views

VMware vCenter Server - Arbitrary File Upload

VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. id: CVE-2021-22005 info: name: VMware...

9.8CVSS8.7AI score0.99999EPSS
Exploits11References5
Rows per page
Query Builder