Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Feb 08, 2024NewsroomCyber Threat / Network Security Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – … Read more

VMware patches critical access control vulnerability in Aria Automation

VMware has released updates for Aria Automation, its multi-cloud infrastructure automation platform for public, private and hybrid clouds, to fix a critical vulnerability that could allow authenticated attackers to access remote organizations and workflows. VMware Cloud Foundation, a suite of software-defined services for setting up private clouds, is also impacted if the products were deployed …

VMware Patches Critical Authentication Bypass Bug

VMware has fixed a critical-severity authentication bypass flaw in its cloud service delivery platform, two weeks after the vulnerability was first disclosed on Nov. 14. The flaw (CVE-2023-34060) exists in VMware Cloud Director Appliance version 10.5 (if the deployment has been upgraded to 10.5 from an older release), and as of Nov. 30 the fix …

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

Virtualization technology powerhouse VMware is calling urgent attention to a critical remote code execution flaw haunting its vCenter Server and VMware Cloud Foundation products. The company said the vulnerability, tagged as CVE-2023-34048, allows a malicious hacker with network access to launch remote code execution exploits. A critical-severity advisory from VMware described the bug as an …

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach – Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

“Disappearing” implants, followed by first fixes for …

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) – Help Net Security

VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software.

About CVE-2023-34048 and CVE-2023-34056

CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual appliance to trigger an out-of-bounds write that can lead to remote code execution. It …

VMware Patches Major Security Flaws in Network Monitoring Product

Virtualization technology giant VMware on Tuesday shipped a major security update to correct at least two critical vulnerabilities in its Aria Operations for Networks product line. In a critical-severity advisory, VMware said the flaws could be exploited by malicious hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line …