Lucene search
K

13053 matches found

Cvelist
Cvelist
added 2023/10/25 4:24 a.m.31 views

CVE-2023-34056 VMware vCenter Server Partial Information Disclosure Vulnerability

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data...

4.3CVSS4.6AI score0.00667EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 4:21 a.m.42 views

CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution...

9.8CVSS10AI score0.99428EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/25 4:21 a.m.36 views

CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution...

9.8CVSS7.9AI score0.99428EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/10/25 1:0 a.m.4 views

SUSE CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS7.7AI score0.00282EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/10/25 12:0 a.m.57 views

CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. Recent assessments: ccondon-r7 at January 19, 2024...

9.8CVSS9.9AI score0.99428EPSS
In wildExploits1References2
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.4 views

The vulnerability in the shared usage function of Bluetooth between host devices and virtual machine supervisors by VMware Workstation and VMware Fusion allows attackers to disclose protected information.

The vulnerability of the shared-host device Bluetooth function with VMware Workstation and VMware Fusion virtual machines relates to memory-walking attacks. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

7.1CVSS6.2AI score0.00204EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.7 views

The vulnerability of VMware Fusion’s hypervisor, related to deficiencies in access control, allows attackers to escalate their privileges.

The vulnerability of VMware Fusion relates to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.7CVSS7AI score0.00128EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of VMware Fusion’s hypervisor is related to synchronization errors when using shared resources, allowing attackers to increase their privileges.

The vulnerability of VMware Fusion relates to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

6.6CVSS7.2AI score0.00163EPSS
Exploits0References5Affected Software1
VMware
VMware
added 2023/10/25 12:0 a.m.30 views

VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)

3a. VMware vCenter Server Out-of-Bounds Write Vulnerability CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base sco...

7.5CVSS6.4AI score0.99428EPSS
Exploits1References8Affected Software2
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.7 views

VMware vCenter Server Buffer Error Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

9.8CVSS8AI score0.99428EPSS
Exploits1References4
Metasploit
Metasploit
added 2023/10/24 7:51 p.m.255 views

VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure

VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. Module Options msf...

9.8CVSS8.2AI score0.63947EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/10/24 12:0 a.m.387 views

VMWare Aria Operations For Networks SSH Private Key Exposure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'VMWare Aria Operations for Networks vRealize Network Insight SSH Private Key Exposure',...

9.8CVSS7.1AI score0.63947EPSS
Exploits9
0day.today
0day.today
added 2023/10/24 12:0 a.m.324 views

VMWare Aria Operations For Networks SSH Private Key Exposure Exploit

VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. This module requir...

9.8CVSS9.8AI score0.63947EPSS
Exploits9
VMware
VMware
added 2023/10/24 12:0 a.m.71 views

VMSA-2023-0024:VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities

Advisory ID: VMSA-2023-0024 CVSSv3 Range: 7.1 - 7.8 Issue Date:2023-10-26 Updated On: 2023-10-26 Initial Advisory CVEs: CVE-2023-34057, CVE-2023-34058 Synopsis: VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities CVE-2023-34057, CVE-2023-34058 R...

7.8CVSS8.3AI score0.00667EPSS
Exploits0References17Affected Software1
OSV
OSV
added 2023/10/23 10:15 p.m.0 views

DEBIAN-CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS7.3AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2023/10/23 10:15 p.m.7 views

AZL-31760 CVE-2023-5633 affecting package kernel for versions less than 5.15.153.1-1

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2023/10/23 10:15 p.m.25 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.6AI score0.00282EPSS
Exploits0References8
OSV
OSV
added 2023/10/23 10:15 p.m.12 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS7.6AI score0.00282EPSS
Exploits0References8
Prion
Prion
added 2023/10/23 10:15 p.m.30 views

Double free

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

4.3CVSS6.3AI score0.00461EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2023/10/23 10:15 p.m.1 views

UBUNTU-CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.8AI score0.00282EPSS
Exploits0References9
Rows per page
Query Builder