Lucene search
K

13053 matches found

Citrix
Citrix
added 2023/11/03 12:0 a.m.9 views

How to Import OVF Package to XenServer

This article describes how to import OVF package into XenServer. You can use the Citrix® XenServer Conversion Manager to convert hundreds of virtual machines to XenServer. It saves time and storage by converting a virtual machine directly to XenServer unattended.You can also create a virtual...

7.1AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/11/01 7:0 a.m.7 views

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

...

7.4CVSS7AI score0.00402EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.27 views

VMware Tools 10.3.x < 12.1.1 Privilege Escalation (VMSA-2023-0024) (macOS)

The version of VMware Tools installed on the remote MacOS/MacOSX host is affected by a privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. Note that Nessus has not tested for these issues but ha...

7.8CVSS7.4AI score0.0019EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.17 views

FreeBSD : open-vm-tools -- Multiple vulnerabilities (d2505ec7-78ea-11ee-9131-6f01853956d5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2505ec7-78ea-11ee-9131-6f01853956d5 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that ha...

7.5CVSS6.4AI score0.00667EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.191 views

VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024)

The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevat...

7.5CVSS6.6AI score0.00667EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.35 views

Debian DSA-5543-1 : open-vm-tools - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5543 advisory. Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution bullseye, these...

7.5CVSS6.5AI score0.00667EPSS
Exploits0References8
Amazon
Amazon
added 2023/11/01 12:0 a.m.35 views

Important: open-vm-tools

Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...

7.5CVSS6.7AI score0.00667EPSS
Exploits0
NVD
NVD
added 2023/10/31 9:15 p.m.19 views

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

8.8CVSS8.6AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2023/10/31 9:15 p.m.6 views

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

6.1CVSS5.8AI score0.00398EPSS
Exploits0References1
Prion
Prion
added 2023/10/31 9:15 p.m.16 views

Open redirect

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

5.8CVSS6.1AI score0.00398EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 8:44 p.m.12 views

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

8.8CVSS6.7AI score0.00398EPSS
Exploits0References1
CVE
CVE
added 2023/10/31 8:44 p.m.114 views

CVE-2023-20886

CVE-2023-20886 concerns the VMware Workspace ONE UEM console open redirect. Affected: Workspace ONE UEM console versions prior to 22.3.0.48 (and other listed train versions: 22.6.0.36, 22.9.0.29, 22.12.0.20, 23.2.0.10). Root cause: open redirect that can funnel a user to attacker-controlled pages...

8.8CVSS6.1AI score0.00398EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/31 8:44 p.m.16 views

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...

8.8CVSS8.8AI score0.00398EPSS
Exploits0References1
Debian
Debian
added 2023/10/31 7:29 p.m.30 views

[SECURITY] [DSA 5543-1] open-vm-tools security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5543-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2023 https://www.debian.org/security/faq -...

7.5CVSS7.2AI score0.00667EPSS
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/10/31 11:0 a.m.17 views

Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws

Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP...

7.3AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/10/31 7:0 a.m.6 views

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

...

7.5CVSS7AI score0.00667EPSS
Exploits0
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.6 views

VMware Workspace ONE Input Validation Error Vulnerability

VMware Vmware Workspace One is a platform from VMware that supports cross-device applications for rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoint...

8.8CVSS6.8AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.4 views

PT-2023-6684 · Vmware · Vmware Workspace One Uem

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE UEM affected versions not specified Description: The issue is related to an open redirect vulnerability in the VMware Workspace ONE UEM console. This vulnerability can be exploited by a malicious actor to redirect a victi...

10CVSS5.9AI score0.00398EPSS
Exploits0References8
VMware
VMware
added 2023/10/31 12:0 a.m.32 views

VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)

3. Advisory Details VMware Workspace ONE UEM console contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8...

5.8CVSS6.3AI score0.00398EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2023/10/30 2:44 p.m.10 views

A week in security (October 23 &#8211; October 29)

Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza Octo Tempest cybercriminal group is "a growing concern"—Microsoft Update now! Apple patches a raft of vulnerabilities Patch…later? Safari iLeakage bug not fixed Update vCenter Server now! VMWare fixes...

7AI score
Exploits0
Rows per page
Query Builder