13053 matches found
CVE-2023-34046 VMware Fusion TOCTOU local privilege escalation vulnerability
VMware Fusion13.x prior to 13.5 contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during installation for the first time the user needs to drag or copy the application to a folder from the '.dmg' volume or when installing an upgrade. A malicious actor with local...
CVE-2023-34046
VMware Fusion TOCTOU local privilege escalation (CVE-2023-34046) affects Fusion 13.x prior to 13.5 during initial installation or upgrade. A local non-administrative user can escalate privileges to root on the host. VMware’s VMSA-2023-0022 and accompanying resources specify a fixed version of 13....
CVE-2023-34044
CVE-2023-34044 is an out-of-bounds read vulnerability in VMware Workstation 17.x before 17.5 and VMware Fusion 13.x before 13.5, in the Bluetooth host-device sharing function. A local attacker with VM privileges can read sensitive information from hypervisor memory. No exploit details are provide...
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
Deserialization of untrusted data
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
Authentication flaw
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
CVE-2023-34051
The CVE-2023-34051 entry describes an authentication bypass in VMware Aria Operations for Logs that allows an unauthenticated attacker to inject files into the appliance’s operating system, potentially enabling remote code execution. Public sources in the connected documents confirm affected prod...
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
CVE-2023-34052
CVE-2023-34052 affects VMware Aria Operations for Logs (deserialization vulnerability enabling authentication bypass). A non-administrative, local attacker can trigger deserialization to bypass authentication. VMware’s advisory VMSA-2023-0021 provides remediation: update to fixed version 8.14. Th...
VMware Aria Operations for Logs Security Vulnerability
VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs, which stems from an authentication bypass vulnerability...
VMware Workstation Buffer Error Vulnerability
VMware Workstation is a set of virtual machine software from VMware. The software provides the ability to run multiple virtual machines with different operating systems at the same time. A security vulnerability exists in VMware Workstation version 17.x prior to 17.5, which stems from an...
PT-2023-6348
Name of the Vulnerable Software and Affected Versions VMware Workstation versions prior to 17.5 and VMware Fusion versions prior to 13.5 Description A flaw exists in the functionality for sharing host Bluetooth devices with virtual machines in VMware Workstation and VMware Fusion. This issue...
VMware Fusion Security Vulnerability
VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion versions 13.x through 13.5 and earlier, which stems from a local elevation of privilege vulnerability...
KLA61502 OSI vulnerability in VMWare Workstation
Information disclosure vulnerability was found in VMWare Workstation. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories VMSA-2023-0022 Related products VMware-Workstation CVE list CVE-2023-34044 high Solution Update to the latest version Download...