13053 matches found

Tenable Nessus
added 2023/11/28 12:0 a.m., 27 views

Rocky Linux 8 : open-vm-tools (RLSA-2023:7265)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7265 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

7.5 CVSS, 6.5 AI score, 0.00667 EPSS
Exploits: 0, References: 5
CNNVD
added 2023/11/27 12:0 a.m., 4 views

VMware Spring Boot Security Vulnerability

VMware Spring Boot is a set of open source frameworks from VMware. A security vulnerability exists in VMware Spring Boot that originates from allowing an attacker to cause a denial of service (DoS) via a specially crafted HTTP request. Affected products and versions: Spring Boot versions 2.7.0...

6.5 CVSS, 6.6 AI score, 0.01219 EPSS
Exploits: 0, References: 7
Openbugbounty
added 2023/11/22 5:38 p.m., 6 views

pop.sddc-35-160-202-3.vmc.vmware.com Cross Site Scripting vulnerability OBB-3790585

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.3 AI score
Exploits: 0
Tenable Nessus
added 2023/11/22 12:0 a.m., 24 views

Oracle Linux 8 : open-vm-tools (ELSA-2023-7265)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7265 advisory. - Fix CVE-2023-34058 open-vm-tools: SAML token signature bypass Tenable has extracted the preceding description block directly from the Oracle Linux...

7.5 CVSS, 6.5 AI score, 0.00667 EPSS
Exploits: 0, References: 3
Ubuntu
added 2023/11/21 7:58 p.m., 69 views

USN-6503-1: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Bien Pham discovered that the netfilter subsystem in the Linux...

7.8 CVSS, 7.2 AI score, 0.0047 EPSS
Exploits: 0
hivepro
added 2023/11/21 6:12 a.m., 28 views

Attacks, Vulnerabilities and Actors 13 November to 19 November 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries we...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2023/11/21 12:0 a.m., 29 views

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6503-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6503-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local...

7.8 CVSS, 7.4 AI score, 0.0047 EPSS
Exploits: 0, References: 6
Oracle linux
added 2023/11/21 12:0 a.m., 38 views

open-vm-tools security update

12.2.5-3.0.1.1 - Fix CVE-2023-34058 open-vm-tools: SAML token signature bypass - Fix CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper...

7.5 CVSS, 7.5 AI score, 0.00667 EPSS
Exploits: 0
BDU FSTEC
added 2023/11/20 12:0 a.m., 4 views

The vulnerability of the sssd component in the basic operating system of the Photon OS platform, which is used for managing cloud storage solutions like VMware Cloud Director, allows a hacker to gain increased privileges.

The vulnerability of the sssd component in the basic operating system of the Photon OS platform, which is used for managing cloud storage in VMware Cloud Director, relates to the possibility of bypassing authentication. Exploiting this vulnerability allows a malicious actor to gain increased...

10 CVSS, 8 AI score, 0.01345 EPSS
Exploits: 4, References: 4, Affected Software: 1
OSV
added 2023/11/17 11:6 a.m., 7 views

OESA-2023-1833 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5 CVSS, 6.8 AI score, 0.00667 EPSS
Exploits: 0, References: 3
OSV
added 2023/11/17 11:6 a.m., 5 views

OESA-2023-1831 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5 CVSS, 6.8 AI score, 0.00667 EPSS
Exploits: 0, References: 3
OSV
added 2023/11/17 11:6 a.m., 3 views

OESA-2023-1832 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5 CVSS, 6.8 AI score, 0.00667 EPSS
Exploits: 0, References: 3
hivepro
added 2023/11/17 8:7 a.m., 69 views

VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, the flaw could be exploited by...

7.5 CVSS, 7.7 AI score, 0.01345 EPSS
Exploits: 4
Tenable Nessus
added 2023/11/17 12:0 a.m., 54 views

VMware Cloud Director Authentication Bypass (VMSA-2023-0026)

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

9.8 CVSS, 8.5 AI score, 0.01345 EPSS
Exploits: 4, References: 3
Tenable Nessus
added 2023/11/17 12:0 a.m., 26 views

Oracle Linux 7 : open-vm-tools (ELSA-2023-7279)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7279 advisory. - Resolves: RHEL-14642 CVE-2023-34058 open-vm-tools: SAML token signature bypass rhel-7.9.z - Resolves: RHEL-14676 CVE-2023-34059 open-vm-tools: file...

7.5 CVSS, 6.6 AI score, 0.00667 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2023/11/17 12:0 a.m., 30 views

Oracle Linux 9 : open-vm-tools (ELSA-2023-7277)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7277 advisory. - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. Tenable has extracted the preceding description block directly from the Orac...

7.5 CVSS, 6.5 AI score, 0.00667 EPSS
Exploits: 0, References: 3
Oracle linux
added 2023/11/16 12:0 a.m., 36 views

open-vm-tools security update

11.0.5-3.0.1 - fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified sp...

7.5 CVSS, 7.6 AI score, 0.00667 EPSS
Exploits: 0
Oracle linux
added 2023/11/16 12:0 a.m., 31 views

open-vm-tools security update

12.2.5-3.0.1.2 - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. - Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper...

7.5 CVSS, 7.6 AI score, 0.00667 EPSS
Exploits: 0
Tenable Nessus
added 2023/11/16 12:0 a.m., 36 views

AlmaLinux 9 : open-vm-tools (ALSA-2023:7277)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7277 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

7.5 CVSS, 6.5 AI score, 0.00667 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2023/11/15 11:19 p.m., 3 views

open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

7.4 CVSS, 5.7 AI score, 0.00402 EPSS
Exploits: 0, References: 4