1390 matches found
open-vm-tools: SAML token signature bypass
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...
open-vm-tools: SAML token signature bypass
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...
open-vm-tools: SAML token signature bypass
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...
open-vm-tools: SAML token signature bypass
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...
RHEL 9 : open-vm-tools (RHSA-2023:7277)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7277 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
GHSA-GW7G-QR8W-3448 Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
Race condition
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
PYSEC-2023-236
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
PYSEC-2023-236
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service DoS condition...
CVE-2023-47163
CVE-2023-47163 affects the Remarshal YAML processor. Before v0.17.1, it allows unlimited expansion of YAML alias nodes, enabling a Billion Laughs-style DoS when processing untrusted YAML files. The vulnerability is documented across multiple sources, and remediation is to upgrade to Remarshal v0....
PT-2023-30338 · Remarshal · Remarshal
Name of the Vulnerable Software and Affected Versions: Remarshal versions prior to 0.17.1 Description: The issue allows for the expansion of YAML alias nodes unlimitedly, making Remarshal susceptible to a Billion Laughs Attack. This can lead to a denial-of-service DoS condition when processing...
Remarshal unlimitedly expanding YAML alias nodes
Overview Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Taichi Kotake of Sterra Security Co.,Ltd. / Akatsuki Games Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#86156389: Remarshal unlimitedly expanding YAML alias nodes
Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Impact Processing untrusted YAML files may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to...
Fedora 38 : open-vm-tools (2023-08e2bb6815)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-08e2bb6815 advisory. Security fixes for CVE-2023-34058 and CVE-2023-34059 Tenable has extracted the preceding description block directly from the Fedora security advisor...
VMware Tools 10.3.x / 11.x / 12.x < 12.3.5 Token Bypass (VMSA-2023-0024)
The version of VMware Tools installed on the remote Windows host is 10.3.x, 11.x or 12.x prior to 12.3.5. It is, therefore, affected by a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevat...
Qu1Ckdr0P2 - Quicky Serve Files Over Http Or Https Using Flask
Rapidly host payloads and post-exploitation bins over HTTP or HTTPS. Designed to be used on exams like OSCP / PNPT or CTFs HTB / etc. Pull requests and issues welcome. As are any contributions. Qu1ckdr0p2 comes with an alias and search feature. The tools are located in the qu1ckdr0p2-tools...
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
...
CVE-2023-34058
A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...