October 25, 2023 at 09:21AM Virtualization technology leader VMware has issued an urgent warning about a critical remote code execution flaw in its vCenter Server and VMware Cloud Foundation products. The vulnerability allows attackers with network access to execute remote code. VMware has released patches for the affected products, including older versions. Additionally, a moderate-severity … Read more
October 25, 2023 at 07:03AM VMware has released security updates to fix a critical flaw in the vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write issue in the DCE/RPC protocol. The company has urged users to apply the patches without delay as there are no workarounds … Read more
October 25, 2023 at 12:33AM VMware has disclosed a critical vulnerability in its vCenter Server, along with a patch to fix it. The vulnerability, known as CVE-2023-34048, allows a malicious actor with network access to trigger an out-of-bounds write and potentially execute remote code. VMware has also released patches for unsupported versions of the software. … Read more
October 24, 2023 at 10:56AM VMware has alerted customers to the availability of proof-of-concept exploit code for an authentication bypass flaw in vRealize Log Insight (now VMware Aria Operations for Logs). Tracked as CVE-2023-34051, the vulnerability allows unauthenticated attackers to remotely execute code with root permissions. Researchers have released a technical analysis, a proof-of-concept exploit, … Read more