RHEL 8 : open-vm-tools (RHSA-2023:7260)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7260 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

RHEL 8 : open-vm-tools (RHSA-2023:7261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7261 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

RHEL 8 : open-vm-tools (RHSA-2023:7265)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7265 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

RHEL 9 : open-vm-tools (RHSA-2023:7277)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7277 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

RHEL 8 : open-vm-tools (RHSA-2023:7262)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7262 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Traceroute vulnerability (USN-6478-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6478-1 advisory. It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to...

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom DVenom is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus AVs. Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

kernel: EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pcidevget in pcigetdevwrapper, and the PCI...

kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4featktype With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call...

Debian dla-3646 : open-vm-tools - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3646 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3646-1 [email protected]...

OESA-2023-1784 traceroute security update

Traceroute tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live TTL field and attempts to elicit an ICMP TIMEEXCEEDED response from each gateway along the path to the host. Security Fixes: In buc Traceroute 2.0.12 through 2.1.2...

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3 the wrapper scripts do not properly parse command lines.

...

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

...

FreeBSD : open-vm-tools -- Multiple vulnerabilities (d2505ec7-78ea-11ee-9131-6f01853956d5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d2505ec7-78ea-11ee-9131-6f01853956d5 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that ha...

Debian DSA-5543-1 : open-vm-tools - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5543 advisory. Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation. For the oldstable distribution bullseye, these...

Privilege Escalation

open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...

SUSE SLES15 Security Update : open-vm-tools (SUSE-SU-2023:4230-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4230-1 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

AZL-31733 CVE-2023-34059 affecting package open-vm-tools for versions less than 11.3.0-3

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...