VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
VMware has patched three vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. Source link
SecurityWeek
In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved
Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal. Source link
Broadcom Merges Symantec and Carbon Black Into New Business Unit
Fresh off its $69 billion acquisition of VMware, Broadcom creates an Enterprise Security Group unit that merges Symantec and Carbon Black. Source link
VMware Patches Critical ESXi Sandbox Escape Flaws
The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host. Source link
VMware vCenter Server Vulnerability Exploited in Wild
VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. Source link
VMware Urges Customers to Patch Critical Aria Automation Vulnerability
Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows. Source link
Critical Authentication Bypass Flaw in VMware Cloud Director Appliance
Cloud computing and virtualization technology giant VMware on Tuesday rushed out an urgent patch for a gaping authentication bypass bug affecting its Cloud Director Appliance product. The vulnerability, tagged as CVE-2023-34060, carries a CVSS severity-score of 9.8 out of 10 and can be exploited by a malicious actor with network access to the appliance to … Read more
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products
Virtualization technology powerhouse VMware is calling urgent attention to a critical remote code execution flaw haunting its vCenter Server and VMware Cloud Foundation products. The company said the vulnerability, tagged as CVE-2023-34048, allows a malicious hacker with network access to launch remote code execution exploits. A critical-severity advisory from VMware described the bug as an … Read more
Exploit Code Published for Critical-Severity VMware Security Defect
Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code has been published online. In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and … Read more
VMware Patches Major Security Flaws in Network Monitoring Product
Virtualization technology giant VMware on Tuesday shipped a major security update to correct at least two critical vulnerabilities in its Aria Operations for Networks product line. In a critical-severity advisory, VMware said the flaws could be exploited by malicious hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line … Read more