CyberSecurityBoard
Sponsor Register Login

VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components

The security update for Tanzu Greenplum 6.29.0 addresses 18 vulnerabilities across multiple components, with critical flaws identified in PL/Container Python3 Image (GHSA-f73w-4m7g-ch9x and CVE-2024-3596) and DataSciencePython3.9 (GHSA-x4wf-678h-2pmq). Among the 29 vulnerabilities in VMware Tanzu Greenplum Backup and Restore, several are classified as critical, including CVE-2023-39320, CVE-2024-24790, and GHSA-v778-237x-gjrc. Despite the security-focused nature of these releases, VMware has included functional improvements in Tanzu Greenplum Backup and Restore 1.31.0, such as support for taking backups on a GPDR recovery cluster. The Greenplum Platform Extensions Framework contains two critical vulnerabilities (CVE‑2024‑47561 and CVE‑2018‑1282) that could lead to significant security breaches if left unpatched. Organizations using VMware Tanzu Greenplum Backup and Restore should upgrade to version 1.31.0 or later, while Tanzu Greenplum users should implement version 6.29.0 or newer. The security advisories, published on April 7, 2025, include patches for vulnerabilities with CVSS scores as high as 9.8, indicating critical severity levels that require immediate attention from organizations using these products. For Tanzu Greenplum Disaster Recovery, the recent 1.3.0 release introduced a Read Replica mode supporting Greenplum 6.29.0 and above, allowing users to run read-only queries against recovery clusters. CVE-2025-22866 affects VMware Tanzu Platform for Cloud Foundry’s networking components, including cf-networking and silk, which could enable unauthorized network access or data interception in isolation segments. Users implementing backup operations with the gpbackup utility should note that version 1.31.0 introduces crucial fixes, particularly for privilege statement syntax issues on Greenplum 7 procedures. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Apr 2025 15:50:12 +0000


Cyber News related to VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components

VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components - The security update for Tanzu Greenplum 6.29.0 addresses 18 vulnerabilities across multiple components, with critical flaws identified in PL/Container Python3 Image (GHSA-f73w-4m7g-ch9x and CVE-2024-3596) and DataSciencePython3.9 ...
2 months ago Cybersecuritynews.com CVE-2024-3596
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Business Data Backup and Recovery Planning - Data backup and recovery planning is essential in today's interconnected and data-driven business landscape. By understanding the significance of data backup and recovery planning, businesses can effectively protect their critical information and ...
1 year ago Securityzap.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com CVE-2023-34048 CVE-2023-34056
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
2 years ago Hackread.com CVE-2021-21974
CVE-2023-31131 - Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to ...
2 years ago
CVE-2025-41233 - Description: ...
1 week ago
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com CVE-2023-34060
VMWare Patches Two Critical Vulnerabilities - How to Stay Secure - VMWare, one of the leading providers in virtualization solutions, recently released patches for two critical vulnerabilities. The vulnerabilities, identified as CVE-2023-10000 and CVE-2023-20001, have been determined to have severe security ...
2 years ago Thehackernews.com
New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
2 years ago Thehackernews.com
VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication - According to the security advisory VMSA-2025-0005, the authentication bypass vulnerability stems from improper access control in the VMware Tools for Windows utilities suite. In response to this vulnerability, cybersecurity experts recommend that ...
2 months ago Cybersecuritynews.com CVE-2025-22230
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com CVE-2023-34060
Veeam Data Platform 23H2 update enhances resilience against ransomware - 1 release as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of new features and enhancements designed to not only protect enterprises' most critical ...
1 year ago Helpnetsecurity.com
Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover - A critical unauthenticated remote control execution bug in a backup plug-in that's been downloaded more than 90,000 times exposes vulnerable WordPress sites to takeover - another example of the epidemic of risk posed by flawed plug-ins for the ...
1 year ago Darkreading.com CVE-2023-6553
CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago
How To Implementing MITRE ATT&CK In SOC Workflows - A Step-by-Step Guide - By understanding the framework, mapping your current capabilities, developing targeted detection and response strategies, and integrating ATT&CK into your tools and processes, you can build a proactive, threat-informed defense that evolves ...
2 months ago Cybersecuritynews.com
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - The Shadowserver Foundation has reported detecting 208 vulnerable instances of Nakivo Backup & Replication software affected by CVE-2024-48248, a critical vulnerability that enables arbitrary file reads. A critical vulnerability tracked as ...
3 months ago Cybersecuritynews.com CVE-2024-48248
Chinese Espionage Group Has Exploited VMware Flaw Since 2021 - A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware's vCenter Server since at least late 2021, according to the ...
1 year ago Securityboulevard.com CVE-2023-34048 CVE-2023-20867
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities - The CL0P ransomware group exploited vulnerabilities to access sensitive employee data, including names and Social Security numbers. SonicWall has patched three vulnerabilities in its NetExtender VPN client for Windows (versions prior to 10.3.2). ...
2 months ago Cybersecuritynews.com CVE-2025-29824 Scattered Spider SideCopy
Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits - “Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company stated in its advisory. Oracle Database Server versions 19.3-19.26, 21.3-21.17, ...
2 months ago Cybersecuritynews.com
Veeam RCE bug lets domain users hack backup servers, patch now - Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. Ransomware gangs have told BleepingComputer in the past that Veeam ...
3 months ago Bleepingcomputer.com CVE-2025-23120
GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed - Security Boulevard - In addition to these patches, OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0. It’s worth mentioning that the issue only impacts self-managed instances; therefore, users of GitLab Dedicated instances do not need to take any ...
8 months ago Securityboulevard.com CVE-2024-45409
Broadcom warns of authentication bypass in VMware Windows Tools - For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China's ...
2 months ago Bleepingcomputer.com CVE-2024-38813
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
1 year ago Securityweek.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years - One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat for years before a patch became available. In a sign of just how severe this particular issue was, VMware went so far ...
1 year ago Darkreading.com CVE-2023-34048 CVE-2023-20867

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)