VMware Releases Advisory for VMware Tools Vulnerabilities
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware advisory...
Vulnerabilities in Dell Storage Integration Tools for VMware (DSITV), the Dell EMC storage integration tool for VMware's virtualization platform; in the data storage management tool that manages Dell EMC storage through VMware vSphere Client; and in Replay Manager for VMware (RMSV), the data replay management tool for virtual machines on the virtualization platform, allow attackers to disclose sensitive information.
The vulnerabilities of the Dell EMC storage integration tool with VMware’s virtualization platform, the Dell Storage Integration Tools for VMware (DSITV); the data storage management tool that manages Dell EMC storage through VMware vSphere Client; and the virtual machine data replay management too...
Exploit for Authorization Bypass Through User-Controlled Key in VMware Spring_Security
CVE-2022-31692 A demonstration of a Spring Secu...
Privilege Escalation
open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...
SAML Token Signature Bypass
open-vm-tools is vulnerable to SAML Token Signature Bypass. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted file or visiting a malicious website. The file or website would contain a specially crafted SAML token that would exploit the flaw in VMware...
The vulnerability in the Jenkins VMware Lab Manager Slaves Plugin involves globally disabling the use of SSL/TLS protocols and host name authenticity verification for the virtual machine (JVM). This allows an attacker to carry out a “man-in-the-middle” attack.
The vulnerability in the Jenkins VMware Lab Manager Slaves Plugin relates to the global disabling of SSL/TLS protocol use and identity verification for virtual machine (JVM) hosts. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...
Exploit for Code Injection in VMware Spring_Cloud_Function
CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...
SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:4230-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4230-1 advisory. - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue throug...
The vulnerability in the VMware Tools set of utilities for macOS, related to errors in privilege management, allows an attacker to escalate their privileges.
The vulnerability in the VMware Tools utility for macOS operating systems is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability in the VMware Tools utility for Windows operating systems stems from flaws in the authentication process, which allow attackers to escalate their privileges.
The vulnerability in the VMware Tools utility for Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : open-vm-tools (SUSE-SU-2023:4227-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4227-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...
Metasploit Weekly Wrap-Up
New module content (4): Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control. Authors: Emir Polat and Unknown. Type: Auxiliary. Pull request: 18447, contributed by emirpolatt. Path: admin/http/atlassianconfluenceauthbypass. AttackerKB reference: CVE-2023-22515...
VMware vCenter Flaws Leading to RCE Attacks
Threat Level Vulnerability Report. Summary: Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, a server management software used for centralized management of virtual machines and ESXi hosts...
AZL-31733 CVE-2023-34059 affecting package open-vm-tools for versions less than 11.3.0-3
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
DEBIAN-CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34057
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...
DEBIAN-CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate...
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate...