167 matches found
Fedora 38 : open-vm-tools (2023-08e2bb6815)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-08e2bb6815 advisory. Security fixes for CVE-2023-34058 and CVE-2023-34059 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Debian: Security Advisory (DLA-3646-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3646 : open-vm-tools - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3646 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3646-1 [email protected]...
[SECURITY] [DLA 3646-1] open-vm-tools security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3646-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 05, 2023 https://wiki.debian.org/LTS -...
Amazon Linux 2023 : open-vm-tools, open-vm-tools-desktop, open-vm-tools-devel (ALAS2023-2023-423)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-423 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-...
Amazon Linux 2 : open-vm-tools (ALAS-2023-2329)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2329 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest...
Important: open-vm-tools
Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...
FreeBSD : open-vm-tools -- Multiple vulnerabilities (d2505ec7-78ea-11ee-9131-6f01853956d5)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2505ec7-78ea-11ee-9131-6f01853956d5 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that ha...
Debian DSA-5543-1 : open-vm-tools - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5543 advisory. Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution bullseye, these...
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Open VM Tools vulnerabilities (USN-6463-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6463-1 advisory. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could...
SUSE: Security Advisory (SUSE-SU-2023:4230-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SAML Token Signature Bypass
open-vm-tools is vulnerable to SAML Token Signature Bypass. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted file or visiting a malicious website. The file or website would contain a specially crafted SAML token that would exploit the flaw in VMware...
SUSE SLES15 Security Update : open-vm-tools (SUSE-SU-2023:4229-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4229-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : open-vm-tools (SUSE-SU-2023:4227-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4227-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...
SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:4230-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4230-1 advisory. - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue throug...
SUSE SLES12 Security Update : open-vm-tools (SUSE-SU-2023:4228-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4228-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...
SUSE-SU-2023:4230-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...
SUSE-SU-2023:4228-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...
SUSE-SU-2023:4227-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue bsc1216432. - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper bsc1216433...