• mehdi@mkvlab.at

VMSA-2025-0012 – VMware NSX – Multiple Vulnerabilities

VMware by Broadcom has released VMware NSX updates to address multiple vulnerabilities CVE-2025-22243, CVE-2025-22244, CVE-2025-22245. Multiple vulnerabilities in VMware NSX were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products CVE-2025-22243 | Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI Description: VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack […]

VMSA-2025-0011 – VMware Avi Load Balancer – SQL Injection Vulnerability

VMware by Broadcom has addressed an authenticated blind SQL injection vulnerability, CVE-2025-41233, in VMware Avi Load Balancer. Avi Load Balancer contains an authenticated blind SQL injection vulnerability, which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain […]

VMSA-2025-0010 – VMware ESXi, vCenter Server, Workstation, and Fusion – Multiple Vulnerabilities

VMware by Broadcom has released VMware ESXi, vCenter Server, Workstation, and Fusion updates to address multiple vulnerabilities CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228. Multiple vulnerabilities in ESXi, vCenter Server, and Workstation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products CVE-2025-41225 | VMware vCenter Server authenticated command-execution vulnerability Description: The vCenter Server contains an authenticated […]

VMSA-2025-0009 – VMware Cloud Foundation – Multiple Vulnerabilities

VMware by Broadcom has released VMware Cloud Foundation updates to address multiple vulnerabilities CVE-2025-41229, CVE-2025-41230, CVE-2025-41231. Multiple vulnerabilities in VMware Cloud Foundation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products: CVE-2025-41229 | VMware Cloud Foundation Directory Traversal Vulnerability Description: VMware Cloud Foundation contains a directory traversal vulnerability. VMware has evaluated the severity of […]

VMSA-2025-0004 – VMware ESXi, Workstation, and Fusion multiple Vulnerability

VMware by Broadcom has released VMware ESXi, Workstation, and Fusion updates to address multiple vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. Impacted Products: CVE-2025-22224 | VMCI heap-overflow vulnerability Description: VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. […]

Critical zero-day vulnerability in FortiManager is actively exploited – CVE-2024-47575

A missing authentication for critical function vulnerability tracked as CVE-2024-47575 in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild. The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer […]

VMSA-2024-0020 – VMware NSX – Multiple Vulnerabilities

VMware by Broadcom has released a VMware NSX update to address multiple vulnerabilities CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815. Impacted Products: CVE-2024-38817 | VMware NSX command injection vulnerability Description: VMware NSX contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7. A malicious actor with access to the NSX […]

VMSA-2024-0019 – VMware vCenter Server and VMware Cloud Foundation vulnerabilities

VMware has released a security advisory that addresses vulnerabilities CVE-2024-38812 and CVE-2024-38813. These vulnerabilities can allow for heap-overflow and privilege escalation attacks. VMware has published fixes for both vulnerabilities in VMware Cloud Foundation and vCenter Server. Impacted Products: CVE-2024-38812 | VMware vCenter Server heap-overflow vulnerability Description: The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. VMware […]

VMSA-2024-0012 – VMware vCenter Server – Multiple Vulnerabilities

VMware has addressed several critical vulnerabilities CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081 in the vCenter Server that could allow remote code execution (RCE) or privilege escalation. Updates are available to remediate these vulnerabilities in affected VMware products. Impacted Products: VMware Cloud Foundation, VMware vCenter Server. CVE-2024-37079 & CVE-2024-37080 – Multiple heap overflow vulnerabilities with the DCERPC protocol. The severity of this vulnerability has the maximum […]

Exchange Server 2019 and 2016 Hotfix Update

Microsoft released a hotfix for Exchange Server 2016 and 2019 which includes some fixes but, most importantly, adds a very important feature: Hybrid Modern Authentication support for OWA and ECP in Exchange Server 2019 CU14. In this link, you will find the original Microsoft KB regarding the hotfix and some useful information. Exchange 2019 CU14 HU2 15.02.1544.011 Download Exchange 2019 CU13 HU6 15.02.1258.034 […]