Page 5 of 880 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. La consola VMware Workspace ONE UEM contiene una vulnerabilidad de redireccionamiento abierto. Un actor malintencionado puede redirigir a una víctima hacia un atacante y recuperar su respuesta SAML para iniciar sesión como el usuario víctima. • https://www.vmware.com/security/advisories/VMSA-2023-0025.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. open-vm-tools contiene una vulnerabilidad de secuestro de descriptores de archivos en vmware-user-suid-wrapper. Un actor malintencionado con privilegios no root puede secuestrar el descriptor del archivo /dev/uinput, permitiéndole simular las entradas del usuario. A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs. • http://www.openwall.com/lists/oss-security/2023/10/27/2 http://www.openwall.com/lists/oss-security/2023/10/27/3 http://www.openwall.com/lists/oss-security/2023/11/26/1 http://www.openwall.com/lists/oss-security/2023/11/27/1 https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2 https://lists.fedoraproject.org/archives/list/package-announce@lists • CWE-266: Incorrect Privilege Assignment •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . VMware Tools contiene una vulnerabilidad de omisión de firma de token SAML. Un actor malicioso al que se le han otorgado privilegios de operación de invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. A flaw was found in open-vm-tools. • http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK https://www.debian.org/security/2023/ • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. VMware Tools contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso de usuario local a una máquina virtual invitada puede elevar los privilegios dentro de la máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2023-0024.html • CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •