• mehdi@mkvlab.at
June 4, 2025

VMSA-2025-0012 – VMware NSX – Multiple Vulnerabilities

VMware by Broadcom has released VMware NSX updates to address multiple vulnerabilities CVE-2025-22243, CVE-2025-22244, CVE-2025-22245. Multiple vulnerabilities in VMware NSX were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products CVE-2025-22243 | Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI Description:VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack […]

Security 0
May 26, 2025

VMSA-2025-0011 – VMware Avi Load Balancer – SQL Injection Vulnerability

VMware by Broadcom addresses VMware Avi Load Balancer an authenticated blind SQL Injection vulnerability CVE-2025-41233. Avi Load Balancer contains an authenticated blind SQL Injection vulnerability, which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain […]

Security 0
May 21, 2025

VMSA-2025-0010 – VMware ESXi, vCenter Server, Workstation, and Fusion – Multiple Vulnerabilities

VMware by Broadcom has released VMware ESXi, vCenter Server, Workstation, and Fusion updates to address multiple vulnerabilities CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228. Multiple vulnerabilities in ESXi, vCenter Server, and Workstation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products CVE-2025-41225 | VMware vCenter Server authenticated command-execution vulnerability Description:The vCenter Server contains an authenticated […]

Security 0
May 21, 2025

VMSA-2025-0009 – VMware Cloud Foundation – Multiple Vulnerabilities

VMware by Broadcom has released VMware Cloud Foundation updates to address multiple vulnerabilities CVE-2025-41229, CVE-2025-41230, CVE-2025-41231. Multiple vulnerabilities in VMware Cloud Foundation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products: CVE-2025-41229 | VMware Cloud Foundation Directory Traversal Vulnerability Description:VMware Cloud Foundation contains a directory traversal vulnerability. VMware has evaluated the severity of […]

Security 0
April 18, 2025

FortiOS 7.6.3 – SSL VPN tunnel mode is no longer supported!

In a significant update, Fortinet has announced that starting with FortiOS version 7.6.3 (has been released on April 17th), SSL VPN tunnel mode is no longer supported on ALL FortiGate models. Upon upgrading to FortiOS 7.6.3, existing SSL VPN configurations will be removed, and the SSL VPN web and tunnel mode features will no longer be accessible through the GUI […]

Fortinet 0
March 9, 2025

VMSA-2025-0004 – VMware ESXi, Workstation, and Fusion multiple Vulnerability

VMware by Broadcom has released VMware ESXi, Workstation, and Fusion updates to address multiple vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. Impacted Products: CVE-2025-22224 | VMCI heap-overflow vulnerability Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. […]

Security 0
November 13, 2024

Understanding VMware’s New Licensing Model: VCF, VVF, and More

In November 2024, VMware, under Broadcom’s leadership, updated its licensing portfolio, aiming to streamline offerings and align with evolving customer needs, and added a new product suite. we will take a look at each of them briefly. Revised Licensing Categories VMware’s product suite is now organized into four primary categories: Transition to Subscription-Based Licensing Aligning with industry trends, VMware has […]

VMware 0
November 10, 2024

VMware Explore 2024 Barcelona – My Favorite Sessions

The annual VMware Explore event in Barcelona never disappoints, and 2024 was no exception! With so many exciting sessions covering cutting-edge developments in virtualization, cloud, and networking, choosing a handful of favorites is no easy task. However, a few sessions stood out to me for their insights, innovation, and potential to transform how we approach modern IT challenges. Here are […]

VMware 0
October 27, 2024

Critical zero-day vulnerability in FortiManager is actively exploited – CVE-2024-47575

A missing authentication for critical function vulnerability tracked as CVE-2024-47575 in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild. The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer […]

Fortinet 0
October 9, 2024

VMSA-2024-0020 – VMware NSX – Multiple Vulnerabilities

VMware by Broadcom has released a VMware NSX update to address multiple vulnerabilities CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815. Impacted Products: CVE-2024-38817 | VMware NSX command injection vulnerability Description:VMware NSX contains a command injection vulnerability.  VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7. A malicious actor with access to the NSX […]

Security 0

Categories

vExpert Badge

Consulting

I am available for remote consulting and support.

Click here for Resume Download

Archives

Recent Posts