The Cybersecurity and Infrastructure Security Agency (CISA) has added 11 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Recent additions include two Firefox zero-days as well as vulnerabilities in VMware, Pulse Secure, Atlassian Jira Server, Netgear and Adobe products.
VMware has patched arbitrary file read and SSRF vCenter Server vulnerabilities (CVE-2021-21980, CVE-2021-22049) that affect VMware vSphere Web Client.
VMware issued a security advisory for multiple vulnerabilities that impact VMware vCenter Server. One of those fixed issues is a Critical vulnerability (CVE-2021-22005) exploited in the wild.
Security researchers have spotted thousands of vulnerable unpatched VMware vCenter servers exposed on the internet. Multiple proof-of-concept (PoC) exploits have also been posted online for the remote code execution (RCE) vulnerability CVE-2021-21985.
VMware has released security updates for two vulnerabilities that impact VMware ESXi, Workstation and Fusion products.
VMware issued security updates for vSphere Data Protection (VDP) to address multiple security vulnerabilities, one of them rated critical.