4452 matches found
CVE-2023-34057
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...
Privilege escalation
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...
CVE-2023-34057
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...
CVE-2023-34057
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine...
Unable to Create Memory Dump from Windows 2008 R2 Servers after Installing Service Pack 1
Unable to get the operating system to generate complete memory dumps on Windows 2008 R2 servers after updating the server to Service Pack 1 for Windows 2008 R2. The issue was observed on XenApp 6 servers in various environments: Physical servers XenServer virtual machine XenServer with Provisioni...
UBUNTU-CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...
PT-2023-6487 · Vmware · Vmware Tools
Name of the Vulnerable Software and Affected Versions: VMware Tools affected versions not specified Description: A local privilege escalation issue exists in VMware Tools, allowing a malicious actor with local user access to a guest virtual machine to elevate privileges within the virtual machine...
VMware Workstation 17.0.x < 17.5 Information Disclosure (VMSA-2023-0022)
VMware Workstation 17.x prior to 17.5 contains an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information...
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. Module Options msf...
CVE-2023-34044
VMware Workstation 17.x prior to 17.5 and Fusion13.x prior to 13.5 contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to...
Out-of-bounds
VMware Workstation 17.x prior to 17.5 and Fusion13.x prior to 13.5 contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to...
VDI not Available
“The VDI is not available” message is displayed in XenCenter after attempting to start a Virtual Machine VM. Background The additional details of “VDI is not available” error are not displayed. This article describes the error messages, the reasons for VDI not available error message, extract fro...
The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data using the Oracle Net network protocol...
USN-6444-1 linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive vulnerabilities
Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...
OpenJDK: segmentation fault in ciMethodBlocks
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...
OpenJDK: segmentation fault in ciMethodBlocks
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...
OpenJDK: segmentation fault in ciMethodBlocks
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...