#vmware

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4206: QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow * CVE-2021-4207: QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhost-vsock: missing virtqueue detach on error can...

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

Backdoor.Win32.Destrukor.20 malware suffers from an unauthenticated remote command execution vulnerability.

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

Commodity malware usage surpasses ransomware by narrow margin  By Caitlin Huey. For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomware groups, whether it be of their own volition or the actions of global law enforcement agencies and governments.  Commodity malware was the top observed threat this quarter, a notable development given the general decrease in observations of attacks leveraging commodity trojans in CTIR engagements since 2020. These developments coincide with a general resurgence of certain email-based trojans in recent months, as law enforcement and technology companies have continued to attempt to disrupt and affect email-based malware threats like Emotet and Trickbot. This quarter featured malware such as the Remcos remote access trojan ...

VMware Security Advisory 2021-0025.3 - VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and introduced a functional issue.