
13053 matches found

CISA
added 2023/10/30 12:0 p.m. | 11 views

VMware Releases Advisory for VMware Tools Vulnerabilities

VMware released a security advisory addressing multiple vulnerabilities CVE-2023-34057, CVE-2023-34058 in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware advisory...

7.8 CVSS | 8.1 AI score | 0.00667 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2023/10/30 12:0 a.m. | 4 views

The vulnerabilities of the Dell EMC storage integration tool with VMware’s virtualization platform, the Dell Storage Integration Tools for VMware (DSITV); the data storage management tool that manages Dell EMC storage through VMware vSphere Client; the data replay management tool for virtual machines on the virtualization platform, Replay Manager for VMware (RMSV). These vulnerabilities allow attackers to disclose sensitive information.

The vulnerabilities of the Dell EMC storage integration tool with VMware’s virtualization platform, the Dell Storage Integration Tools for VMware DSITV; the data storage management tool that manages Dell EMC storage through VMware vSphere Client; and the virtual machine data replay management too...

5.5 CVSS | 5.9 AI score | 0.00137 EPSS
Exploits 0 | References 2 | Affected Software 3

GithubExploit
added 2023/10/29 5:31 p.m. | 267 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 A demonstration of a Spring Secu...

9.8 CVSS | 9.3 AI score | 0.03425 EPSS
Exploits 3

Veracode
added 2023/10/29 1:25 p.m. | 165 views

Privilege Escalation

open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...

7.4 CVSS | 7 AI score | 0.00402 EPSS
Exploits 0 | References 12 | Affected Software 1

Veracode
added 2023/10/29 1:19 p.m. | 31 views

SAML Token Signature Bypass

open-vm-tools is vulnerable to SAML Token Signature Bypass. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted file or visiting a malicious website. The file or website would contain a specially crafted SAML token that would exploit the flaw in VMware...

7.5 CVSS | 7.1 AI score | 0.00667 EPSS
Exploits 0 | References 8 | Affected Software 1

BDU FSTEC
added 2023/10/29 12:0 a.m. | 4 views

The vulnerability of the Jenkins VMware Lab Manager Slaves Plugin involves disabling the global use of SSL/TLS protocols and verifying the authenticity of the host name for the virtual machine (JVM). This allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Jenkins VMware Lab Manager Slaves Plugin relates to the disabling of global use of SSL/TLS protocols and identity verification for virtual machine JVM hosts. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...

7.8 CVSS | 6.5 AI score | 0.00841 EPSS
Exploits 0 | References 4 | Affected Software 1

GithubExploit
added 2023/10/28 9:42 p.m. | 402 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...

9.8 CVSS | 9.5 AI score | 0.99939 EPSS
Exploits 36

Tenable Nessus
added 2023/10/28 12:0 a.m. | 31 views

SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:4230-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4230-1 advisory. - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue throug...

7.5 CVSS | 6.8 AI score | 0.00667 EPSS
Exploits 0 | References 7

BDU FSTEC
added 2023/10/28 12:0 a.m. | 6 views

The vulnerability in the set of utilities for VMware Tools on MacOS, related to errors in privilege management, allows a perpetrator to escalate their privileges.

The vulnerability of the VMware Tools utility for MacOS operating systems is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8 CVSS | 7.2 AI score | 0.0019 EPSS
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2023/10/28 12:0 a.m. | 5 views

The vulnerability of the VMware Tools utility for Windows operating systems stems from flaws in the authentication process, which allows attackers to escalate their privileges.

The vulnerability of the VMware Tools utility for Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

7.5 CVSS | 6.5 AI score | 0.00667 EPSS
Exploits 0 | References 9 | Affected Software 4

Tenable Nessus
added 2023/10/28 12:0 a.m. | 21 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : open-vm-tools (SUSE-SU-2023:4227-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4227-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...

7.5 CVSS | 6.5 AI score | 0.00667 EPSS
Exploits 0 | References 7

Rapid7 Blog
added 2023/10/27 6:46 p.m. | 47 views

Metasploit Weekly Wrap-Up

New module content 4 Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: 18447 contributed by emirpolatt Path: admin/http/atlassianconfluenceauthbypass AttackerKB reference: CVE-2023-22515...

7.5 CVSS | 9.5 AI score | 0.99156 EPSS
Exploits 46

hivepro
added 2023/10/27 1:16 p.m. | 61 views

Vmware vCenter Flaws Leading to RCE Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, a server management software used for centralized management of virtual machines and ESXi hosts...

7.5 CVSS | 7.8 AI score | 0.99428 EPSS
Exploits 1

OSV
added 2023/10/27 5:15 a.m. | 6 views

AZL-31733 CVE-2023-34059 affecting package open-vm-tools for versions less than 11.3.0-3

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7 CVSS | 6.1 AI score | 0.00402 EPSS
Exploits 0 | References 1

NVD
added 2023/10/27 5:15 a.m. | 28 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4 CVSS | 7.4 AI score | 0.00402 EPSS
Exploits 0 | References 11

OSV
added 2023/10/27 5:15 a.m. | 2 views

DEBIAN-CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7 CVSS | 6.2 AI score | 0.00402 EPSS
Exploits 0 | References 1

OSV
added 2023/10/27 5:15 a.m. | 20 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7 CVSS | 6.9 AI score
Exploits 0 | References 11

NVD
added 2023/10/27 5:15 a.m. | 25 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

7.8 CVSS | 7.7 AI score | 0.0019 EPSS
Exploits 0 | References 1

OSV
added 2023/10/27 5:15 a.m. | 2 views

DEBIAN-CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate...

7.5 CVSS | 6.1 AI score | 0.00667 EPSS
Exploits 0 | References 1

NVD
added 2023/10/27 5:15 a.m. | 18 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate...

7.5 CVSS | 7.1 AI score | 0.00667 EPSS
Exploits 0 | References 7