24 matches found

EUVD
added 2026/06/18 1:47 p.m. · 8 views

EUVD-2026-37889

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 6.5 · AI score 5.3 · EPSS 0.002
Exploits 0 · References 1

ATTACKERKB
added 2026/06/18 1:47 p.m. · 7 views

CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 6.5 · AI score 5.2 · EPSS 0.002
Exploits 0 · References 2

NVD
added 2025/05/20 3:16 p.m. · 31 views

CVE-2025-41226

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs...

CVSS 6.8 · EPSS 0.00237
Exploits 0 · References 1

Cvelist
added 2025/05/20 2:24 p.m. · 24 views

CVE-2025-41226 Guest Operations Denial-of-Service Vulnerability

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs...

CVSS 6.8 · EPSS 0.00237
Exploits 0 · References 1

Vulnrichment
added 2025/05/20 2:24 p.m. · 12 views

CVE-2025-41226 Guest Operations Denial-of-Service Vulnerability

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs...

CVSS 6.8 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 1

CVE
added 2025/05/20 2:24 p.m. · 120 views

CVE-2025-41226

CVE-2025-41226 affects VMware ESXi (guest-operations DoS). A malicious actor with guest operation privileges, already authenticated via vCenter Server or ESXi, can trigger a DoS on guest VMs running VMware Tools. Connected IBM bulletin confirms this CVE and notes remediation via updates to VMware...

CVSS 6.8 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 1

Positive Technologies
added 2025/05/20 12:00 a.m. · 6 views

PT-2025-22147 · Vmware · Vmware Esxi +2

Name of the Vulnerable Software and Affected Versions: VMware ESXi affected versions not specified Description: The issue is a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated...

CVSS 6.8 · AI score 6 · EPSS 0.00237
Exploits 0 · References 10

IBM Security Bulletins
added 2024/07/11 3:42 p.m. · 24 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)

Summary: open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details: CVEID: CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...

CVSS 7.5 · AI score 7 · EPSS 0.01193
Exploits 0 · Affected Software 1

Ubuntu
added 2023/12/06 9:43 a.m. · 59 views

USN-6463-2: Open VM Tools vulnerabilities

USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could...

CVSS 7.5 · AI score 6.7 · EPSS 0.00667
Exploits 0

Tenable Nessus
added 2023/12/06 12:00 a.m. · 74 views

VMware Tools for Linux 10.3.x < 10.3.26 Authentication Bypass (VMSA-2023-0019)

The version of VMware Tools installed on the remote Linux host is 10.3.x prior to 10.3.26. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious attacker with man-in-the-middle network positioning in the virtual machine network can bypass SAML token signature...

CVSS 7.5 · AI score 7 · EPSS 0.01193
Exploits 0 · References 2

Ubuntu
added 2023/10/31 2:47 p.m. · 63 views

USN-6463-1: Open VM Tools vulnerabilities

It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to escalate privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...

CVSS 7.5 · AI score 6.5 · EPSS 0.00667
Exploits 0

Ubuntu
added 2023/09/25 10:55 a.m. · 95 views

USN-6365-2: Open VM Tools vulnerability

USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...

CVSS 7.5 · AI score 7.1 · EPSS 0.01193
Exploits 0

OSV
added 2023/09/25 10:55 a.m. · 5 views

USN-6365-2 open-vm-tools vulnerability

USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...

CVSS 7.5 · AI score 6.9 · EPSS 0.01193
Exploits 0 · References 2

Ubuntu
added 2023/09/13 2:54 p.m. · 82 views

USN-6365-1: Open VM Tools vulnerability

It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...

CVSS 7.5 · AI score 7 · EPSS 0.01193
Exploits 0

OSV
added 2023/09/13 2:54 p.m. · 4 views

USN-6365-1 open-vm-tools vulnerability

It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...

CVSS 7.5 · AI score 7 · EPSS 0.01193
Exploits 0 · References 2

Veracode
added 2023/09/05 4:39 a.m. · 38 views

Man-in-the-Middle (MitM)

open-vm-tools is vulnerable to Man-in-the-Middle (MitM) attacks. This vulnerability can be exploited by an attacker with man-in-the-middle (MITM) network positioning between vCenter and the ESXi host hosting the virtual machine to bypass SAML token signature verification, to perform VMware Tools Gues...

CVSS 7.5 · AI score 6.7 · EPSS 0.01193
Exploits 0 · References 11 · Affected Software 1

Tenable Nessus
added 2023/09/01 12:00 a.m. · 32 views

SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:3505-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3505-1 advisory. - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). - CVE-2023-20900: Fixed SAML token...

CVSS 7.5 · AI score 7 · EPSS 0.13638
Exploits 0 · References 7

CNNVD
added 2023/08/31 12:00 a.m. · 4 views

VMware Tools Security Vulnerability

VMware Tools is a VMware enhancement tool that comes with VMware virtual machines. It is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host computer. A security...

CVSS 7.5 · AI score 6.9 · EPSS 0.01193
Exploits 0 · References 15

Positive Technologies
added 2023/08/31 12:00 a.m. · 6 views

PT-2023-4654

Name of the Vulnerable Software and Affected Versions: VMware Tools affected versions not specified Description: The issue is related to a SAML token signature bypass vulnerability in VMware Tools. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the...

CVSS 7.5 · AI score 6.4 · EPSS 0.13638
Exploits 1 · References 134

UbuntuCve
added 2023/06/13 12:00 a.m. · 207 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...

CVSS 3.9 · AI score 6.5 · EPSS 0.13638
Exploits 0 · References 4