CVE-2021-21999

Affected products: VMware Tools for Windows (11.x.y before 11.2.6), VMware Remote Console for Windows (12.x before 12.0.1), and VMware App Volumes (2.x before 2.18.10 and 4 before 2103). Root cause: local privilege escalation via placing a malicious file named openssl.cnf in an unrestricted direc...

CVE-2020-3950

Mode C: CVE-2020-3950 affects VMware Fusion (11.x up to 11.5.1/11.5.2), VMware Remote Console for Mac (11.x up to 11.0.1), and Horizon Client for Mac (5.x up to 5.4.0). Root cause: improper use of setuid binaries enabling local privilege escalation from a normal user to root on systems running th...

CVE-2019-5527

CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...

CVE-2019-5543

CVE-2019-5543 affects VMware Horizon Client for Windows (5.x and earlier), VMware Remote Console for Windows (10.x before 11.0.0), and VMware Workstation for Windows (15.x before 15.5.2). Root cause: the folder with the VMware USB arbitration service configuration was writable by all users, enabl...

CVE-2020-3974

CVE-2020-3974 affects VMware Fusion 11.x (pre-11.5.5), VMware Remote Console for Mac 11.x (pre-11.2.0), and Horizon Client for Mac 5.x (pre-5.4.3). It is a local privilege-escalation due to improper XPC Client validation, allowing a normal-privilege user to gain root access. Exploitation requires...

CVE-2020-3957

Summary of CVE-2020-3957 : VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior), and VMware Horizon Client for Mac (5.x and prior) contain a local privilege-escalation vulnerability caused by a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successfu...