A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability.
Vmware horizon client 5.5.1 code#
An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. VMware Aria Operations for Logs contains a command injection vulnerability.
Vmware horizon client 5.5.1 Bluetooth#
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. VMware Fusion contains a local privilege escalation vulnerability. VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.
0 kommentar(er)
