Decipher 
VMware has fixed a critical-severity authentication bypass flaw in its cloud service delivery platform, two weeks after the vulnerability was first disclosed on Nov. 14. The flaw (CVE-2023-34060) exists in VMware Cloud Director Appliance version 10.5 (if the deployment has been upgraded to 10.5 from an older release), and as of Nov. 30 the fix … Read more
VMware has released patches for a critical-severity vulnerability in its centralized management utility, vCenter Server, which could enable remote code execution attacks. vCenter Server helps users manage virtual machines, ESXi hosts, and other components from a centralized location. The flaw (CVE-2023-34048) is an out-of-bounds write issue that specifically stems from the implementation of DCE/RPC, the … Read more
Days after VMware issued patches for a critical-severity vulnerability in its network monitoring tool, the company said that exploit code for the bug has now been published. The vulnerability (CVE-2023-34039) exists in VMware’s Aria Operations for Networks (formerly vRealize Network Insight) tool, which helps businesses monitor and analyze their networks and applications. According to VMware, … Read more