Astra Linux - уязвимость в open-vm-tools

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

EUVD-2020-19370

Malware in sbrugna...

EUVD-2019-9592

Malware in sbrugna...

EUVD-2022-2143

Malicious code in bioql PyPI...

EUVD-2023-38172

Malicious code in bioql PyPI...

EUVD-2022-4022

Malicious code in bioql PyPI...

CVE-2024-5249

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...

CVE-2021-21474

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidatin...

SUSE CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

RHEL 7 : open-vm-tools (RHSA-2024:5315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5315 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...

Important: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

Authentication Bypass

github.com/RobotsAndPencils/go-saml is vulnerable to an Authentication Bypass. The vulnerability is due to improper configuration of the xmlsec1 tool in the go-saml library, which fails to restrict the origin of the public key used for signature verification. It allows an attacker to sign SAML...

GHSA-6H53-Q94J-348W RobotsAndPencils go-saml authentication bypass vulnerability

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

CVE-2024-5249

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...

PT-2024-35330 · Akana · Akana Api Platform

Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0 Description: The issue allows SAML tokens to be replayed. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to use of open-vm-tools (CVE-2023-20900)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit hypervisor users to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20900 DESCRIPTION: VMware Tools could allow a remote attacker to bypa...

Mageia: Security Advisory (MGASA-2024-0058)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...

MGASA-2024-0058 Updated open-vm-tools packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. CVE-2023-20867 SAML token signature bypass. CVE-2023-34058 File descriptor hijack vulnerability in the vmware-user-suid-wrapper. CVE-2023-34059...