
1390 matches found

RedHat Linux
added 2023/09/20 4:46 p.m. | 3 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/09/20 4:46 p.m. | 1 view

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/20 12:0 a.m. | 29 views

Amazon Linux 2 : open-vm-tools (ALAS-2023-2250)

The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2250 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network...

7.5 CVSS | 7.1 AI score | 0.01193 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2023/09/20 12:0 a.m. | 31 views

Amazon Linux 2023 : open-vm-tools, open-vm-tools-desktop, open-vm-tools-devel (ALAS2023-2023-350)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-350 advisory. VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass...

7.5 CVSS | 7 AI score | 0.01193 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2023/09/19 8:7 a.m. | 3 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/09/19 8:2 a.m. | 1 view

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/09/19 8:1 a.m. | 4 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/09/19 7:41 a.m. | 5 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/09/19 7:41 a.m. | 4 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/19 12:0 a.m. | 34 views

Oracle Linux 7 : open-vm-tools (ELSA-2023-5217)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5217 advisory. 11.0.5-3.0.1 - fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 -...

7.5 CVSS | 7.1 AI score | 0.01193 EPSS
Exploits: 0 | References: 2

OSV
added 2023/09/15 11:5 a.m. | 4 views

OESA-2023-1629 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5 CVSS | 6.8 AI score | 0.13638 EPSS
Exploits: 0 | References: 3

OSV
added 2023/09/15 11:5 a.m. | 3 views

OESA-2023-1631 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5 CVSS | 6.8 AI score | 0.13638 EPSS
Exploits: 0 | References: 3

OSV
added 2023/09/14 4:16 p.m. | 0 views

GHSA-3GH6-V5V9-6V9J Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5 CVSS | 6.9 AI score | 0.01006 EPSS
Exploits: 1 | References: 8

Tenable Nessus
added 2023/09/14 12:0 a.m. | 25 views

Fedora 38 : open-vm-tools (2023-df375d0634)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-df375d0634 advisory. Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867 Tenable has extracted the preceding...

7.5 CVSS | 7 AI score | 0.13638 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2023/09/13 12:0 a.m. | 35 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Open VM Tools vulnerability (USN-6365-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6365-1 advisory. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token...

7.5 CVSS | 7.2 AI score | 0.01193 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/09/04 12:0 a.m. | 2 views

Desdev DedeCMS SQL Injection Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) of China's Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A SQL injection vulnerability exists in...

9.8 CVSS | 8.4 AI score | 0.00556 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2023/09/03 12:0 a.m. | 3 views

PT-2023-30462 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.110 Description: A critical issue was found in DedeCMS, affecting the /uploads/tags.php file. The manipulation of the tag alias argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...

9.8 CVSS | 7.3 AI score | 0.00556 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2023/09/01 7:42 p.m. | 92 views

CVE-2023-20900

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.1 CVSS | 7.4 AI score | 0.01193 EPSS
Exploits: 0 | References: 4

OSV
added 2023/08/31 10:15 a.m. | 41 views

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

7.5 CVSS | 6.9 AI score
Exploits: 0 | References: 9

OSV
added 2023/08/31 10:15 a.m. | 1 view

DEBIAN-CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

7.5 CVSS | 7.1 AI score | 0.01193 EPSS
Exploits: 0 | References: 1