VMware Cloud Director Security Vulnerability
VMware Cloud Director is a cloud service delivery platform from VMware. The platform supports virtual datacenter creation, multi-site management, datacenter scaling and cloud migration, and cloud-native application development. A security vulnerability exists in VMware Cloud Director that could...
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit
This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and yo...
VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability
Advisory ID: VMSA-2023-0026.1. CVSSv3 Range: 9.8. Issue Date: 2023-11-14. Updated On: 2023-11-30. CVEs: CVE-2023-34060. Synopsis: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060)...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Vulnerability - CVE-2022-22965...
[SECURITY] Fedora 38 Update: open-vm-tools-12.3.0-3.fc38
The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...
[SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-3.fc39
The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...
[SECURITY] Fedora 37 Update: open-vm-tools-12.3.0-3.fc37
The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...
Fedora: Security Advisory for open-vm-tools (FEDORA-2023-08e2bb6815)
The remote host is missing an update for the...
Fedora: Security Advisory for open-vm-tools (FEDORA-2023-1ed0ec0035)
The remote host is missing an update for the...
Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report...
kernel: VMCI: Use threaded irqs instead of tasklets
In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets. The vmci_dispatch_dgs() tasklet function calls vmci_read_data(), which uses wait_event(), resulting in an invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...
kernel: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
A memory leak vulnerability was found in the VMware graphics driver vmwgfx in the Linux kernel. In vmw_mksstat_add_ioctl(), when copying the description string from userspace fails with -EFAULT, the allocated page for the instance descriptor is not freed. This leads to memory leakage that can cause...
VMware Workstation UHCI Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
VMware vCenter Server Appliance DCE/RPC Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC protocol. The issue results from the lack ...
Rocky Linux 9 : ignition (RLSA-2022:8126)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8126 advisory. - A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only...
Debian dla-3646 : open-vm-tools - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3646 advisory. Debian LTS Advisory DLA-3646-1...
Rocky Linux 8 : open-vm-tools (RLSA-2022:6357)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6357 advisory. - VMware Tools 12.0.0, 11.x.y and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest...
Amazon Linux 2023 : open-vm-tools, open-vm-tools-desktop, open-vm-tools-devel (ALAS2023-2023-423)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-423 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-...
Understand Power Actions
When the user clicks on the Shutdown/Restart option within the VDI, you see an error in the VMware Console. Parameter: ShutdownDesktopsAfterUser $True. Autoscale is set to keep the machine on all the time, i.e. Autoscale set at 100%...
Important: open-vm-tools
Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...