Tools Security Vulnerabilities and Issues — Tools CVE List

Lucene search

VmwareTools

22 matches found

CVE•added 2021/06/23 12:15 p.m.•2257 views

CVE-2021-21999

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue ...

7.8CVSS7.8AI score0.00078EPSS

CVE•added 2022/08/23 8:15 p.m.•1005 views

CVE-2022-31676

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

7.8CVSS7.8AI score0.00057EPSS

CVE•added 2023/06/07 2:15 p.m.•866 views

CVE-2022-31693

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-o...

5.5CVSS5.7AI score0.00049EPSS

CVE•added 2023/06/13 5:15 p.m.•840 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

3.9CVSS5.1AI score0.00514EPSS

CVE•added 2023/08/31 10:15 a.m.•413 views

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a mor...

7.5CVSS7.4AI score0.00953EPSS

CVE•added 2019/06/06 7:29 p.m.•210 views

CVE-2019-5522

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMw...

7.1CVSS6.5AI score0.0005EPSS

CVE•added 2023/10/27 5:15 a.m.•208 views

CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate thei...

7.5CVSS7.3AI score0.00045EPSS

CVE•added 2022/05/24 7:15 p.m.•163 views

CVE-2022-22977

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unint...

7.1CVSS6.6AI score0.00034EPSS

CVE•added 2022/03/03 10:15 p.m.•159 views

CVE-2022-22943

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest O...

7.2CVSS6.6AI score0.00113EPSS

CVE•added 2020/01/15 8:15 p.m.•117 views

CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

7CVSS7AI score0.0003EPSS

CVE•added 2022/11/29 9:15 p.m.•111 views

CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE I...

6.5CVSS5.6AI score0.14622EPSS

CVE•added 2023/10/27 5:15 a.m.•103 views

CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

7.8CVSS7.6AI score0.00076EPSS

CVE•added 2016/08/08 1:59 a.m.•88 views

CVE-2016-5330

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges...

7.8CVSS7.3AI score0.37267EPSS

CVE•added 2021/06/18 1:15 p.m.•79 views

CVE-2021-21997

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-ser...

5.5CVSS5.3AI score0.00038EPSS

CVE•added 2016/12/29 9:59 a.m.•60 views

CVE-2016-7079

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.

7.8CVSS7.5AI score0.00042EPSS

CVE•added 2018/07/13 1:29 p.m.•60 views

CVE-2018-6969

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing mu...

7CVSS6.6AI score0.00084EPSS

CVE•added 2017/07/28 9:29 p.m.•54 views

CVE-2015-5191

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.7CVSS6.4AI score0.00066EPSS

CVE•added 2016/12/29 9:59 a.m.•54 views

CVE-2016-7080

7.8CVSS7.5AI score0.00042EPSS

CVE•added 2014/08/28 3:14 p.m.•53 views

CVE-2014-4199

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

6.3CVSS6.5AI score0.0003EPSS

CVE•added 2014/08/28 3:14 p.m.•49 views

CVE-2014-4200

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

4.7CVSS6AI score0.00041EPSS

CVE•added 2016/12/29 9:59 a.m.•48 views

CVE-2016-5328

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

5.5CVSS5.2AI score0.0006EPSS

CVE•added 2020/06/19 6:15 p.m.•47 views

CVE-2020-3972

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service c...

3.3CVSS4AI score0.00042EPSS