Lucene search
K

13053 matches found

Cvelist
Cvelist
added 2023/10/20 8:59 a.m.31 views

CVE-2023-34046 VMware Fusion TOCTOU local privilege escalation vulnerability

VMware Fusion13.x prior to 13.5 contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during installation for the first time the user needs to drag or copy the application to a folder from the '.dmg' volume or when installing an upgrade. A malicious actor with local...

6.7CVSS7.1AI score0.00128EPSS
Exploits0References1
CVE
CVE
added 2023/10/20 8:59 a.m.74 views

CVE-2023-34046

VMware Fusion TOCTOU local privilege escalation (CVE-2023-34046) affects Fusion 13.x prior to 13.5 during initial installation or upgrade. A local non-administrative user can escalate privileges to root on the host. VMware’s VMSA-2023-0022 and accompanying resources specify a fixed version of 13....

7CVSS6.8AI score0.00128EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/20 8:56 a.m.128 views

CVE-2023-34044

CVE-2023-34044 is an out-of-bounds read vulnerability in VMware Workstation 17.x before 17.5 and VMware Fusion 13.x before 13.5, in the Bluetooth host-device sharing function. A local attacker with VM privileges can read sensitive information from hypervisor memory. No exploit details are provide...

7.1CVSS6AI score0.00204EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/20 5:15 a.m.3 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

7.8CVSS5.8AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/10/20 5:15 a.m.43 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

7.8CVSS7.7AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2023/10/20 5:15 a.m.2 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.8CVSS6AI score0.44667EPSS
Exploits1References1
NVD
NVD
added 2023/10/20 5:15 a.m.31 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.8CVSS9.9AI score0.44667EPSS
Exploits1References1
Prion
Prion
added 2023/10/20 5:15 a.m.34 views

Deserialization of untrusted data

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

4.3CVSS8.2AI score0.00204EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/20 5:15 a.m.26 views

Authentication flaw

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

7.5CVSS10AI score0.44667EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/10/20 4:11 a.m.33 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

10AI score0.44667EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/20 4:11 a.m.11 views

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.9AI score0.44667EPSS
Exploits1References1
CVE
CVE
added 2023/10/20 4:11 a.m.156 views

CVE-2023-34051

The CVE-2023-34051 entry describes an authentication bypass in VMware Aria Operations for Logs that allows an unauthenticated attacker to inject files into the appliance’s operating system, potentially enabling remote code execution. Public sources in the connected documents confirm affected prod...

9.8CVSS9.8AI score0.44667EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/20 4:11 a.m.17 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

6.9AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/20 4:11 a.m.39 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

7.9AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2023/10/20 4:11 a.m.115 views

CVE-2023-34052

CVE-2023-34052 affects VMware Aria Operations for Logs (deserialization vulnerability enabling authentication bypass). A non-administrative, local attacker can trigger deserialization to bypass authentication. VMware’s advisory VMSA-2023-0021 provides remediation: update to fixed version 8.14. Th...

7.8CVSS8.2AI score0.00204EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.10 views

VMware Aria Operations for Logs Security Vulnerability

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs, which stems from an authentication bypass vulnerability...

9.8CVSS7AI score0.44667EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.7 views

VMware Workstation Buffer Error Vulnerability

VMware Workstation is a set of virtual machine software from VMware. The software provides the ability to run multiple virtual machines with different operating systems at the same time. A security vulnerability exists in VMware Workstation version 17.x prior to 17.5, which stems from an...

7.1CVSS6.2AI score0.00204EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.4 views

PT-2023-6348

Name of the Vulnerable Software and Affected Versions VMware Workstation versions prior to 17.5 and VMware Fusion versions prior to 13.5 Description A flaw exists in the functionality for sharing host Bluetooth devices with virtual machines in VMware Workstation and VMware Fusion. This issue...

7.1CVSS6.5AI score0.00204EPSS
Exploits0References37
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.6 views

VMware Fusion Security Vulnerability

VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion versions 13.x through 13.5 and earlier, which stems from a local elevation of privilege vulnerability...

7CVSS6.8AI score0.00128EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2023/10/20 12:0 a.m.33 views

KLA61502 OSI vulnerability in VMWare Workstation

Information disclosure vulnerability was found in VMWare Workstation. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories VMSA-2023-0022 Related products VMware-Workstation CVE list CVE-2023-34044 high Solution Update to the latest version Download...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder