VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

June 18, 2024 at 04:33AM VMware has issued updates to fix critical vulnerabilities affecting Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could lead to privilege escalation and remote code execution. The vulnerabilities include heap-overflow flaws and local privilege escalation issues. While there are no known active exploits, users are urged to promptly apply …

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

June 18, 2024 at 02:11AM Critical-rated flaws (CVE-2024-37079 & CVE-2024-37080) in vCenter Server by VMware/Broadcom pose a remote code execution risk. The heap-overflow vulnerabilities in the DCE/RPC protocol could be exploited by a network-based attacker. Despite no known in-the-wild exploitation, older vSphere versions 6.5 and 6.7 lack fixes. Additionally, an important-rated privilege escalation flaw (CVE-2024-37081) is present. …

VMware fixes critical sandbox escape flaws in VMware ESXi, Workstation, and Fusion

March 6, 2024 at 10:41AM VMware released security updates to address critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation products, potentially allowing unauthorized access to host systems and virtual machines on the same host. The advisory details four vulnerabilities and their impact, and provides a workaround for some issues. VMware also made security …

VMware Patches Critical ESXi Sandbox Escape Flaws

March 5, 2024 at 02:12PM VMware issued critical patches for multiple high-severity vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation products. The flaws could allow code execution on the host machine and escape sandbox mitigations. Two bugs hold a severity score of 9.3, leading VMware to patch even end-of-life products due to the increased risk. …

VMware Urges Customers to Patch Critical Aria Automation Vulnerability

January 16, 2024 at 09:12AM VMware has urged customers to patch a critical vulnerability (CVE-2023-34063, CVSS score of 9.9) affecting Aria Automation and Cloud Foundation. The missing-access-control flaw could allow unauthorized access to remote organizations and workflows. VMware has released patches for impacted versions and credited external researchers for discovering the vulnerability. Threat …