VMware has addressed a serious SQL injection vulnerability, CVE-2024-22280, found in its Aria Automation product. This flaw, affecting versions 8.x, 5.x, and 4.x of VMware Aria Automation and VMware Cloud Foundation, allows authenticated hackers to execute unauthorized database operations through specially crafted SQL queries due to improper input validation. Researchers Alexandre Lavoie and Felix Boulet discovered the vulnerability and reported it to VMware. Patches have been released to fix this issue, and users are urged to update to the latest versions immediately. Versions 8.17.0 and above are not affected. Users can check their vulnerability status by logging into Aria Automation appliances via SSH and running the vracli version patch command. It's essential to apply the necessary patches or upgrade to version 8.17.0 or later to mitigate this risk.
#cybersecurity #vmware #vulnerability #sql_injection #cve #patch #ssh
Back door xz vulnerability has been officially reverted for @fedora 40 https://www.linux-magazine.com/Online/News/XZ-Gets-the-All-Clear #malare #XZBackdoor #Fedora #Ubuntu #ArchLinux #Linux #OpenSource #security #patch #Rawhide #FOSS
Unlike bloated solutions like #Spacewalk or #Landscape, this framework of QualvoSec is characterized by its minimalistic design, ensuring simplicity and ease of use. It operates entirely in Python, utilizing only a handful of imports to streamline the user experience.
https://gyptazy.ch/blog/qualvosec-a-minimalistic-security-patch-management-tools-for-linux-and-bsd/