Lucene search
K

13053 matches found

OSV
OSV
added 2023/10/27 5:15 a.m.4 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

7.8CVSS5.8AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2023/10/27 5:15 a.m.9 views

AZL-31718 CVE-2023-34058 affecting package open-vm-tools for versions less than 11.3.0-3

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

7.5CVSS6AI score0.00667EPSS
Exploits0References1
OSV
OSV
added 2023/10/27 5:15 a.m.23 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

7.5CVSS7AI score
Exploits0References7
Prion
Prion
added 2023/10/27 5:15 a.m.23 views

Privilege escalation

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

4.3CVSS7.7AI score0.0019EPSS
Exploits0References1
Prion
Prion
added 2023/10/27 5:15 a.m.29 views

Design/Logic Flaw

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

3.5CVSS6.8AI score0.00402EPSS
Exploits0References10Affected Software2
Prion
Prion
added 2023/10/27 5:15 a.m.32 views

Security feature bypass

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

4.3CVSS7.2AI score0.00667EPSS
Exploits0References7Affected Software4
Cvelist
Cvelist
added 2023/10/27 4:53 a.m.36 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS7.7AI score0.00402EPSS
Exploits0References10
CVE
CVE
added 2023/10/27 4:53 a.m.175 views

CVE-2023-34059

CVE-2023-34059 is a local, high-severity vulnerability in open-vm-tools’ vmware-user-suid-wrapper that can hijack the /dev/uinput file descriptor to simulate user inputs. It affects multiple Linux distributions (e.g., Debian, Red Hat/CentOS, AlmaLinux/AlmaLinux, Amazon Linux 2/2023), with advisor...

7.4CVSS7AI score0.00402EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2023/10/27 4:53 a.m.82 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

7.5CVSS6.6AI score0.00667EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/10/27 4:53 a.m.10 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

7.1CVSS7.1AI score0.00667EPSS
Exploits0References7
CVE
CVE
added 2023/10/27 4:53 a.m.245 views

CVE-2023-34058

CVE-2023-34058 affects open-vm-tools/VMware Tools. A SAML token signature bypass in VMware Tools can enable privilege elevation when a VM’s Guest Operation Privileges and a higher-privilege Guest Alias are involved. Multiple connected advisories confirm open-vm-tools as the affected component acr...

7.5CVSS7.3AI score0.00667EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2023/10/27 4:53 a.m.23 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

7.1CVSS7.8AI score0.00667EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/10/27 4:52 a.m.23 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

7.8CVSS7.9AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/27 4:52 a.m.9 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

7.8CVSS7.3AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2023/10/27 4:52 a.m.120 views

CVE-2023-34057

CVE-2023-34057 affects VMware Tools. A local user within a guest VM could escalate privileges in the VM. The vulnerability is addressed by updates to VMware Tools (e.g., versions 12.1.1 and 12.3.5 per advisories) with remediation guidance in VMSA-2023-0024; exploitation details are not provided i...

7.8CVSS7.6AI score0.0019EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.5 views

VMware Tools Security Vulnerability

VMware Tools is an enhancement tool that comes with VMware's VMWare virtual machines. It is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security vulnerability...

7.8CVSS6.7AI score0.0019EPSS
Exploits0References2
NCSC
NCSC
added 2023/10/27 12:0 a.m.9 views

Vulnerabilities fixed in VMware Tools

VMware has fixed vulnerabilities in VMware Tools. A malicious person with access to a guest system in which VMWare Tools are installed can exploit the vulnerabilities to give themselves elevated privileges and thus potentially execute code with elevated privileges. VMware has released updates to...

7.8CVSS7.5AI score0.01193EPSS
Exploits0
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.6 views

VMware Tools Security Vulnerability

VMware Tools is an enhancement tool that comes with VMware's VMWare virtual machines, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security vulnerabilit...

7.5CVSS6AI score0.00667EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.3 views

VMware Tools Security Vulnerability

VMware Tools is an enhancement tool that comes with VMware's VMWare virtual machines, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security vulnerabilit...

7.4CVSS6AI score0.00402EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2023/10/27 12:0 a.m.27 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...

7.8CVSS7.1AI score0.0019EPSS
Exploits0References2
Rows per page
Query Builder