4452 matches found
VMware Tools Authentication Bypass Vulnerability
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access ove...
SUSE SLES12: libvmtools0 / open-vm-tools / open-vm-tools-desktop / etc (SUSE-SU-2023:2530-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2530-1 advisory. - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module bsc1212143. Bug fixes: - Fixed build problem with grpc 1.54...
Zimbra Collaboration Suite 命令注入漏洞
Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite versions 9.0 and 8.8.15, which stems from a local elevation of...
Failed to get guest OS path for newly attached disk there are 2 new disks with uuid
Challenge A backup job using a Linux-based VMware Backup Proxy fails with the error: Failed to get guest OS path for newly attached disk /.vmdk: there are 2 new disks with uuid Cause This error occurs when the Linux-based VMware Backup Proxy processing the virtual machine has multipath enabled...
CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
Design/Logic Flaw
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
CVE-2023-20867
Summary: CVE-2023-20867 affects open-vm-tools (VMware Tools) with an authentication bypass in the vgauth module, enabling a fully compromised ESXi host to disrupt host-to-guest authentication and impact guest VM confidentiality and integrity. The issue is exploitable with root access on ESXi (loc...
CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
Exploit for Path Traversal in Microsoft
CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...
GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...
USN-6127-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrar...
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and t...
Lima 安全漏洞
github lima is a software application. Linux virtual machine, on macOS aka "Linux-on-Mac", "macOS subsystem for Linux", "Mac containerd", unofficial. Mac containerd", unofficially A security vulnerability exists in versions prior to Lima 0.16.0 that stems from a virtual machine instance with a...
The vulnerability of the Zimbra Collaboration Suite’s corporate email management system lies in the use of certain JVM arguments within the mail server. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the use of certain arguments in the Java Virtual Machine JVM used by the mail server. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibili...
CVE-2023-32675
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper version...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...