DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-34057 Improper Privilege Management vulnerability in VMware Tools
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
local
low complexity
vmware CWE-269
7.8
2023-10-27 CVE-2023-34058 Improper Verification of Cryptographic Signature vulnerability in multiple products
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
7.5
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
7.5
2022-08-23 CVE-2022-31676 Improper Privilege Management vulnerability in multiple products
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.
local
low complexity
vmware debian fedoraproject netapp CWE-269
7.8
2022-05-24 CVE-2022-22977 XXE vulnerability in VMware Tools
VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability.
local
low complexity
vmware CWE-611
7.1
2021-06-23 CVE-2021-21999 Uncontrolled Search Path Element vulnerability in VMware App Volumes, Remote Console and Tools
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability.
local
low complexity
vmware CWE-427
7.8
2020-01-15 CVE-2020-3941 Race Condition vulnerability in VMware Tools
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed.
local
high complexity
vmware CWE-362
7.0
2019-06-06 CVE-2019-5522 Out-of-bounds Read vulnerability in VMware Tools
VMware Tools for Windows update addresses an out-of-bounds read vulnerability in the vm3dmp driver, which is installed with vmtools in Windows guest machines.
local
low complexity
vmware CWE-125
7.1
2018-07-13 CVE-2018-6969 Out-of-bounds Read vulnerability in VMware Tools
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS.
local
high complexity
vmware CWE-125
7.0
2016-12-29 CVE-2016-7080 NULL Pointer Dereference vulnerability in VMware Tools
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
local
low complexity
vmware CWE-476
7.8