Tag: vmware
-
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately…
-
VMware HCX: Codeschmuggel durch SQLLücke möglich
Broadcom hat mit einem Update eine Sicherheitslücke in VMware HCX geschlossen. Angreifer können durch sie Code einschleusen und ausführen. First seen on heise.de Jump to article: www.heise.de/news/VMware-HCX-Codeschmuggel-durch-SQL-Injection-Luecke-moeglich-9983875.html
-
Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access
VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report, the advisory, VMSA-2024-0020, was initially published on October 9, 2024, and highlights the moderate severity…
-
Kommende Generation von VMware vSphere Virtual Volumes – Pure Storage will vVols unterstützen
Tags: vmwareFirst seen on security-insider.de Jump to article: www.security-insider.de/pure-storage-will-vvols-unterstuetzen-a-8d4c73d2f1575765a1ae12648bb7f2f0/
-
AT&T claims VMware by Broadcom offered it a 1,050 percent price rise
And that Broadcom has prevented vendors from selling to the telco giant First seen on theregister.com Jump to article: www.theregister.com/2024/10/01/att_broadcom_filings_update/
-
Broadcom warnt – Schwachstellen in VMware vCenter ermöglichen Malware-Angriffe
First seen on security-insider.de Jump to article: www.security-insider.de/-updates-sicherheitsrisiken-vmware-vcenter-schwachstellen-a-139e6c7835ef3f388a645cbe38014bce/
-
Vulnerability Recap 9/23/24 Remote Code Execution Steals the Show
This week’s vulnerabilities to watch and patch included Veeam, Arc, and VMware issues, as well as another Ivanti flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-september-23-2024/
-
AT&T intends to quit VMware, Broadcom claims in legal broadside
Counter-arguments in support spat paint unflattering picture of telco giant’s IT estate First seen on theregister.com Jump to article: www.theregister.com/2024/09/23/att_vmware_quit_claim_broadcom/
-
Hyper-V und VMware: Schwachstellen, Patches, PoCs
Kleiner Sammelbeitrag und Nachtrag rund um das Thema Virtualisierung. In Hyper-V wurde kürzlich eine Schwachstelle gepatcht jetzt gibt es einen Proof of Concept (PoC) für diese Schwachstelle. Und bei VMware gibt es ebenfalls Schwachstellen sowie Infos, wie sich aus … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/23/hyper-v-und-vmware-schwachstellen-patches-pocs/
-
Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical VMware vCenter Server bugs fixed (CVE-2024-38812) Broadcom has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/22/week-in-review-critical-vmware-vcenter-server-bugs-fixed-apple-releases-ios-18/
-
Critical VMware vCenter Server Patch VMSA20240019
Summary VMware has released a critical security advisory (VMSA-2024-0019) that addresses two serious vulnerabilities found in its vCenter Server and VMware Cloud Foundation products. These First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/09/18/critical-vmware-vcenter-server-patch-vmsa20240019/
-
Bugcrowd erweitert Vorstand durch Ex-Carbon-Black-CEO Patrick Morley
Bugcrowd, Spezialist im Bereich Crowdsourced-Security, hat Patrick Morley in den Vorstand des Unternehmens aufgenommen. Morley war 14 Jahre lang CEO von Carbon Black, einem Anbieter von cloudbasierter Endpunktsicherheitssoftware. Er führte das Unternehmen von seinen Anfängen bis zum Börsengang an der Nasdaq im Jahr 2018 und beaufsichtigte anschließend die Übernahme durch VMware im Jahr 2019. Morley…
-
Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/18/cve-2024-38812-cve-2024-38813/
-
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and…
-
VMware vCenter Server Vulnerability Let Attackers Escalate Privileges
VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products. CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privileges. CVE-2024-38812: Heap-Overflow Vulnerability The first vulnerability, CVE-2024-38812, is a heap overflow issue found in implementing the DCERPC protocol within the vCenter…
-
Desktop hypervisors are like buses: None for ages, then four at once
Tags: vmwareVirtualBox, Parallels, and VMware have all upgraded First seen on theregister.com Jump to article: www.theregister.com/2024/09/17/virtualbox_parallels_vmware_workstation_fusion_upgrades/
-
VMware vCenter: Angreifer aus dem Netz können Schadcode einschleusen
Broadcom stopft mehrere Sicherheitslücken in VMware vCenter. Schlimmstenfalls können Angreifer aus dem Netz Schadcode einschmuggeln und ausführen. First seen on heise.de Jump to article: www.heise.de/news/VMware-vCenter-Angreifer-aus-dem-Netz-koennen-Schadcode-einschleusen-9871243.html
-
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Tags: access, cve, flaw, malicious, network, remote-code-execution, update, vcenter, vmware, vulnerabilityBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.”A malicious actor with network access to vCenter Server may trigger this vulnerability by…
-
VMware patches remote makeroot holes in vCenter Server, Cloud Foundation
Bug reports made in China First seen on theregister.com Jump to article: www.theregister.com/2024/09/17/vmware_vcenter_patch/
-
VMware patches over remote makeroot holes in vCenter Server, Cloud Foundation
Bug reports made in China First seen on theregister.com Jump to article: www.theregister.com/2024/09/17/vmware_vcenter_patch/
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. The post VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/
-
Pure Storage macht externe Block-Speicherlösung für Azure VMware verfügbar
Azure-Kunden können ihre Microsoft Azure Consumption Commitment (MACC) nutzen, um Pure Cloud Block Store-Kapazität zu erwerben und ihrer Azure VMware … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/pure-storage-macht-externe-block-speicherloesung-fuer-azure-vmware-verfuegbar/a36797/
-
High Severity VMware Vulnerabilities Under Active Exploitation
This bulletin was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team Executive Summary On May 18th… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/05/20/high-severity-vmware-vulnerabilities-under-active-exploitation%ef%bf%bc/
-
Critical VMware Authentication Bypass and RCE Vulnerabilities: CVE-2022-31656 and CVE-2022-31659
Proof-of-Concept (PoC) exploit recently released by security researchers. VMware recommends patching affected systems immediately. Executive Summary O… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/08/10/critical-vmware-authentication-bypass-and-rce-vulnerabilities-cve-2022-31656-and-cve-2022-31659/
-
Ransomware as a Service Nevada Ransomware campaign targeting VMWare ESXi servers
Written by Michal Nowakowski of the Kudelski Security Threat Detection & Research Team UPDATE February 14th 2023 After the first wave of ESXiArgs … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/02/09/ransomware-as-a-service-nevada-ransomware-campaign-targeting-vmware-esxi-servers/
-
VMware vCenter Server OutBounds Write Vulnerability (CVE-2023-34048)
Written by Yann Lehmann with the support of Scott Emerson of the Kudelski Security Threat Detection & Research Team Summary VMware has released se… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/10/25/vmware-vcenter-server-out-of-bounds-write-vulnerability-cve-2023-34048/
-
Research suggests more than half of VMware customers are looking to move
Tags: vmwarePrice rises, uncertainty after Broadcom takeover forcing users to look elsewhere for virtualization needs Source: www.theregister.com/2024/09/11/civo_vmware_research/ comments: 0
-
VMware Fusion13.x Code Execution Bug Patched
Tags: vmwareFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36297/VMware-Fusion13.x-Code-Execution-Bug-Patched.html
-
VMware Fusion: Update stopft Rechteausweitungslücke
First seen on heise.de Jump to article: www.heise.de/news/VMware-Fusion-Update-stopft-Rechteausweitungsluecke-9855846.html