13053 matches found
CVE-2023-34056 VMware vCenter Server Partial Information Disclosure Vulnerability
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data...
CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution...
CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution...
SUSE CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. Recent assessments: ccondon-r7 at January 19, 2024...
The vulnerability in the shared usage function of Bluetooth between host devices and virtual machine supervisors by VMware Workstation and VMware Fusion allows attackers to disclose protected information.
The vulnerability of the shared-host device Bluetooth function with VMware Workstation and VMware Fusion virtual machines relates to memory-walking attacks. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...
The vulnerability of VMware Fusion’s hypervisor, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of VMware Fusion relates to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of VMware Fusion’s hypervisor is related to synchronization errors when using shared resources, allowing attackers to increase their privileges.
The vulnerability of VMware Fusion relates to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
3a. VMware vCenter Server Out-of-Bounds Write Vulnerability CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base sco...
VMware vCenter Server Buffer Error Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. Module Options msf...
VMWare Aria Operations For Networks SSH Private Key Exposure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'VMWare Aria Operations for Networks vRealize Network Insight SSH Private Key Exposure',...
VMWare Aria Operations For Networks SSH Private Key Exposure Exploit
VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. This module requir...
VMSA-2023-0024:VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities
Advisory ID: VMSA-2023-0024 CVSSv3 Range: 7.1 - 7.8 Issue Date:2023-10-26 Updated On: 2023-10-26 Initial Advisory CVEs: CVE-2023-34057, CVE-2023-34058 Synopsis: VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities CVE-2023-34057, CVE-2023-34058 R...
DEBIAN-CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
AZL-31760 CVE-2023-5633 affecting package kernel for versions less than 5.15.153.1-1
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
Double free
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...
UBUNTU-CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...