Rocky Linux 8 : open-vm-tools (RLSA-2023:7265)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7265 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...
VMware Spring Boot Security Vulnerability
VMware Spring Boot is a set of open source frameworks from VMware. A security vulnerability exists in VMware Spring Boot that allows an attacker to cause a denial of service (DoS) via a specially crafted HTTP request. Affected products and versions: Spring Boot versions 2.7.0...
pop.sddc-35-160-202-3.vmc.vmware.com Cross Site Scripting vulnerability OBB-3790585
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Oracle Linux 8 : open-vm-tools (ELSA-2023-7265)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7265 advisory. - Fix CVE-2023-34058 open-vm-tools: SAML token signature bypass Tenable has extracted the preceding description block directly from the Oracle Linux...
USN-6503-1: Linux kernel vulnerabilities
Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Bien Pham discovered that the netfilter subsystem in the Linux...
Attacks, Vulnerabilities and Actors 13 November to 19 November 2023
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries we...
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6503-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6503-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local...
open-vm-tools security update
12.2.5-3.0.1.1 - Fix CVE-2023-34058 open-vm-tools: SAML token signature bypass - Fix CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper...
The vulnerability of the sssd component in the basic operating system of the Photon OS platform, which is used for managing cloud storage solutions like VMware Cloud Director, allows a hacker to gain increased privileges.
The vulnerability of the sssd component in the basic operating system of the Photon OS platform, which is used for managing cloud storage in VMware Cloud Director, relates to the possibility of bypassing authentication. Exploiting this vulnerability allows a malicious actor to gain increased...
OESA-2023-1833 open-vm-tools security update
The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...
OESA-2023-1831 open-vm-tools security update
The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...
OESA-2023-1832 open-vm-tools security update
The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...
VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance
Threat Level Vulnerability Report. Summary: VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, could be exploited by...
VMware Cloud Director Authentication Bypass (VMSA-2023-0026)
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...
Oracle Linux 7 : open-vm-tools (ELSA-2023-7279)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7279 advisory. - Resolves: RHEL-14642 CVE-2023-34058 open-vm-tools: SAML token signature bypass rhel-7.9.z - Resolves: RHEL-14676 CVE-2023-34059 open-vm-tools: file...
Oracle Linux 9 : open-vm-tools (ELSA-2023-7277)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7277 advisory. - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. Tenable has extracted the preceding description block directly from the Orac...
open-vm-tools security update
11.0.5-3.0.1 - fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified sp...
open-vm-tools security update
12.2.5-3.0.1.2 - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. - Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper...
AlmaLinux 9 : open-vm-tools (ALSA-2023:7277)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7277 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...
open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...