Citrix Addresses Another Critical Vulnerability Resembling Citrix Bleed

Citrix Bleed has been identified as a critical information disclosure vulnerability with a CVSS score of 9.4/10. This vulnerability affects the NetScaler ADC and Gateway appliances when configured as a Gateway or AAA virtual server. Unlike CVE-2023-4966, Citrix Bleed does not expose highly sensitive data to attackers. Although Citrix has not assigned a CVE ID …

Citrix Issues Security Patch for Critical PuTTY Vulnerability in Hypervisor

Citrix has recently identified a critical vulnerability (CVE-2024-31497) in certain versions of its Citrix Hypervisor virtualization platform. This vulnerability is associated with the use of a vulnerable version of the PuTTY SSH client in XenCenter, the management console for Citrix Hypervisor. The affected versions of XenCenter, specifically those prior to 8.2.6 in the Citrix Hypervisor …

CISA Urges Immediate Action on Critical Citrix Vulnerability, Recommends Attention to Second Bug

This week, two bugs in Citrix technology have caught the attention of the Cybersecurity and Infrastructure Security Agency (CISA). One of the vulnerabilities, labeled CVE-2023-6548, must be patched by federal agencies by January 24, while the other bug, labeled CVE-2023-6549, must be fixed by February 7. This quick fix timeline is unusual for CISA, but …

VMware issues no-patch advisory for critical flaw in old SSO plugin

VMware issued a security advisory Tuesday warning users to uninstall the VMware Enhanced Authentication Plug-in (EAP) due to critical and high severity vulnerabilities. The VMware EAP is a deprecated browser plugin that enables seamless single sign-on (SSO) to vSphere’s management interface from client workstations. It is an optional feature that stopped receiving support with the …

VMware patches critical flaws that could allow attackers to escape VMs

VMware has released fixes for several flaws that together could allow attackers to execute malicious code on the host system from inside a virtual machine, bypassing the critical isolation layer. Some of the flaws are in the virtualized USB controllers, so they impact most VMware hypervisors: VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud …

VMware patches critical, important bugs in ESXi, Workstation and Fusion

VMware on March 5 issued patches for a pair of flaws they rated as “critical” and in the “important” severity range for VMware ESXi, Workstation, and Fusion. VMware explained in an advisory to its customers that ESXi, Workstation, and Fusion contain a “use-after-free” vulnerability in the XHCI USB controller filed with NIST as CVE-2024-22252. VMware …

VMware Fixes Critical ESXi, Workstation and Fusion Flaws

VMware is issuing patches for its ESXi, Workstation and Fusion products to fix a pair of flaws that, if exploited, could each allow attackers with local administrative privileges on virtual machines to execute code as the virtual machine’s VMX process running on the host. The use-after-free flaws (CVE-2024-22252 and CVE-2024-22253) are two of four vulnerabilities …

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. These types of flaws are critical as they could permit attackers to gain unauthorized access to the host system where a hypervisor is installed …

VMware Urges Immediate Patching for Critical Hypervisor Escape Vulnerabilities

VMware, a leading innovator in enterprise software, has issued an urgent advisory for customers to patch critical vulnerabilities across its product suite, including ESXi, Workstation, Fusion, and Cloud Foundation. A constellation of four flaws, with two rated at a severe 9.3 out of 10, threatens the core security feature of VMware products, enabling attackers to …