747 matches found
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...
VMXNET3 Drivers Missing From Recovery Media for Server 2022 vSphere VM
Challenge When attempting to perform a Bare Metal Restore on a vSphere VM using Veeam Recovery Media, which was created from a vSphere VM running Server 2022, the network adapter drivers fail to load. This issue persists despite having the 'Include hardware drivers from this computer' option...
SureBackup Job Failure: "The resource 'VeeamBackup_' is in use."
Challenge A SureBackup job in a vSphere environment fails with the error: The resource 'VeeamBackup' is in use. The error as found in the SureBackup Job log%programdata%\Veeam\Backup\SureBackup\Job.SureBackup.log: Error Failed to connect backup datastore to the ESXi host "esx01.domain.tld"...
The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere (SCV) allows a hacker to alter the email settings.
The vulnerability of the user interface of the integration plugin between SnapCenter and the VMware SnapCenter Plugin for VMware vSphere SCV is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to alter email settings remotely...
CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
Code injection
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
CVE-2023-27312
NetApp SnapCenter Plugin for VMware vSphere is vulnerable in versions 4.6 through 4.8 (and 4.6–4.9 context) due to insufficient access control, allowing authenticated unprivileged users to modify email and snapshot name settings in the vSphere UI. Affected component: SnapCenter Plugin for VMware ...
CVE-2023-27312 Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
CVE-2023-27312 Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
NetApp SnapCenter Security Vulnerability
NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in SnapCenter versions 3.x and 4.x VMware vSphere versions prior to 4.9, which stems from a...
Privilege escalation
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation...
CVE-2023-36628 Privilege Escalation in VASA
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation...
CVE-2023-36628 Privilege Escalation in VASA
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation...
Debian DSA-5493-1 : open-vm-tools - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5493 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the...
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
CVE-2023-20900
CVE-2023-20900 is a vulnerability in Open VMware Tools (open-vm-tools) where a malicious actor with Guest Operation Privileges may elevate to a higher privilege via a more-privileged Guest Alias in the VM. The connected documents confirm Open VM Tools is affected and describe a SAML token signatu...