13053 matches found
How to Import OVF Package to XenServer
This article describes how to import OVF package into XenServer. You can use the Citrix® XenServer Conversion Manager to convert hundreds of virtual machines to XenServer. It saves time and storage by converting a virtual machine directly to XenServer unattended.You can also create a virtual...
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
...
VMware Tools 10.3.x < 12.1.1 Privilege Escalation (VMSA-2023-0024) (macOS)
The version of VMware Tools installed on the remote MacOS/MacOSX host is affected by a privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. Note that Nessus has not tested for these issues but ha...
FreeBSD : open-vm-tools -- Multiple vulnerabilities (d2505ec7-78ea-11ee-9131-6f01853956d5)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2505ec7-78ea-11ee-9131-6f01853956d5 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that ha...
VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024)
The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevat...
Debian DSA-5543-1 : open-vm-tools - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5543 advisory. Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution bullseye, these...
Important: open-vm-tools
Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
Open redirect
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
CVE-2023-20886
CVE-2023-20886 concerns the VMware Workspace ONE UEM console open redirect. Affected: Workspace ONE UEM console versions prior to 22.3.0.48 (and other listed train versions: 22.6.0.36, 22.9.0.29, 22.12.0.20, 23.2.0.10). Root cause: open redirect that can funnel a user to attacker-controlled pages...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
[SECURITY] [DSA 5543-1] open-vm-tools security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5543-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2023 https://www.debian.org/security/faq -...
Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws
Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP...
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
...
VMware Workspace ONE Input Validation Error Vulnerability
VMware Vmware Workspace One is a platform from VMware that supports cross-device applications for rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoint...
PT-2023-6684 · Vmware · Vmware Workspace One Uem
Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE UEM affected versions not specified Description: The issue is related to an open redirect vulnerability in the VMware Workspace ONE UEM console. This vulnerability can be exploited by a malicious actor to redirect a victi...
VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)
3. Advisory Details VMware Workspace ONE UEM console contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8...
A week in security (October 23 – October 29)
Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza Octo Tempest cybercriminal group is "a growing concern"—Microsoft Update now! Apple patches a raft of vulnerabilities Patch…later? Safari iLeakage bug not fixed Update vCenter Server now! VMWare fixes...