Lucene search
+L

167 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/08 12:0 a.m.29 views

Fedora 38 : open-vm-tools (2023-08e2bb6815)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-08e2bb6815 advisory. Security fixes for CVE-2023-34058 and CVE-2023-34059 Tenable has extracted the preceding description block directly from the Fedora security advisor...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/11/07 12:0 a.m.15 views

Debian: Security Advisory (DLA-3646-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.00672EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.28 views

Debian dla-3646 : open-vm-tools - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3646 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3646-1 [email protected]...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References6
Debian
Debian
added 2023/11/05 10:18 p.m.30 views

[SECURITY] [DLA 3646-1] open-vm-tools security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3646-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 05, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.8AI score0.00672EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/04 12:0 a.m.27 views

Amazon Linux 2023 : open-vm-tools, open-vm-tools-desktop, open-vm-tools-devel (ALAS2023-2023-423)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-423 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-...

7.5CVSS6.4AI score0.00672EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.25 views

Amazon Linux 2 : open-vm-tools (ALAS-2023-2329)

The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2329 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References6
Amazon
Amazon
added 2023/11/01 12:0 a.m.37 views

Important: open-vm-tools

Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...

7.5CVSS6.7AI score0.00672EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.18 views

FreeBSD : open-vm-tools -- Multiple vulnerabilities (d2505ec7-78ea-11ee-9131-6f01853956d5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2505ec7-78ea-11ee-9131-6f01853956d5 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that ha...

7.5CVSS6.4AI score0.00672EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.36 views

Debian DSA-5543-1 : open-vm-tools - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5543 advisory. Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution bullseye, these...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2023/10/31 7:0 a.m.7 views

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

...

7.5CVSS7AI score0.00672EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/31 12:0 a.m.24 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Open VM Tools vulnerabilities (USN-6463-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6463-1 advisory. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could...

7.5CVSS6.6AI score0.00672EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/10/30 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2023:4230-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00672EPSS
Exploits0References5
Veracode
Veracode
added 2023/10/29 1:19 p.m.32 views

SAML Token Signature Bypass

open-vm-tools is vulnerable to SAML Token Signature Bypass. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted file or visiting a malicious website. The file or website would contain a specially crafted SAML token that would exploit the flaw in VMware...

7.5CVSS7.1AI score0.00672EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/28 12:0 a.m.28 views

SUSE SLES15 Security Update : open-vm-tools (SUSE-SU-2023:4229-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4229-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/10/28 12:0 a.m.21 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : open-vm-tools (SUSE-SU-2023:4227-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4227-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/10/28 12:0 a.m.32 views

SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:4230-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4230-1 advisory. - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue throug...

7.5CVSS6.8AI score0.00672EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/10/28 12:0 a.m.23 views

SUSE SLES12 Security Update : open-vm-tools (SUSE-SU-2023:4228-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4228-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References8
OSV
OSV
added 2023/10/27 9:27 a.m.5 views

SUSE-SU-2023:4230-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...

7.5CVSS7.7AI score0.00672EPSS
Exploits0References5
OSV
OSV
added 2023/10/27 9:27 a.m.9 views

SUSE-SU-2023:4228-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...

7.5CVSS7.7AI score0.00672EPSS
Exploits0References6
OSV
OSV
added 2023/10/27 9:26 a.m.4 views

SUSE-SU-2023:4227-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...

7.5CVSS7.7AI score0.00672EPSS
Exploits0References5
Rows per page
Query Builder