cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-34058,https://securityvulnerability.io/vulnerability/CVE-2023-34058,SAML Token Signature Bypass in VMware Tools,"VMware Tools has a vulnerability that allows a malicious actor with granted Guest Operation Privileges in a virtual machine to potentially elevate their privileges. This occurs when the virtual machine has been assigned a more privileged Guest Alias, creating an opportunity for unauthorized access to sensitive resources within the virtual environment.",Vmware,"VMware Tools,open-vm-tools",7.5,HIGH,0.0009899999713525176,false,false,false,false,,false,false,2023-10-27T05:15:00.000Z,0
CVE-2023-34057,https://securityvulnerability.io/vulnerability/CVE-2023-34057,Local Privilege Escalation Vulnerability in VMware Tools,"VMware Tools has a vulnerability that allows a malicious user with local access to a guest virtual machine to escalate their privileges. This could potentially enable unauthorized actions within the virtual machine environment, posing a security risk. It is crucial for users to implement necessary security measures to safeguard their virtual machines from this type of exploit.",Vmware,VMware Tools,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-27T05:15:00.000Z,0
CVE-2023-20900,https://securityvulnerability.io/vulnerability/CVE-2023-20900,Privilege Escalation Vulnerability in VMware vSphere Affecting Guest Operations,"A vulnerability exists within VMware vSphere that allows a malicious actor with Guest Operation Privileges in a virtual machine to potentially elevate their privileges. This issue arises when the virtual machine has been assigned a more privileged Guest Alias, enabling unauthorized access to higher-level operations and potentially compromising the integrity of the host and other guest instances.",Vmware,"VMware Tools,VMware Tools (open-vm-tools)",7.5,HIGH,0.0014299999456852674,false,false,false,false,,false,false,2023-08-31T10:15:00.000Z,0
CVE-2023-20867,https://securityvulnerability.io/vulnerability/CVE-2023-20867,VMware ESXi Compromise Threatens Guest VM Security,"The VMware ESXi vulnerability CVE-2023-20867 is being actively exploited by a Chinese cyberespionage group known as UNC3886. The vulnerability allows the attacker to execute commands and transfer files to and from guest virtual machines from a compromised ESXi host without the need for guest credentials. This exploitation threatens the confidentiality and integrity of the guest VMs. The group is also deploying custom backdoors on compromised targets. The vendor, VMware, has patched the vulnerability; however, this case highlights the importance of timely patching and security vigilance in protecting against advanced cyber threats.",VMware,VMware Tools,3.9,LOW,0.005419999826699495,true,true,true,true,,true,false,2023-06-13T17:15:00.000Z,0
CVE-2022-31676,https://securityvulnerability.io/vulnerability/CVE-2022-31676,,"VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.",Vmware,Vmware Tools,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-08-23T00:00:00.000Z,0
CVE-2022-22977,https://securityvulnerability.io/vulnerability/CVE-2022-22977,,"VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.",Vmware,Vmware Tools For Windows,7.1,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-05-24T18:15:38.000Z,0
CVE-2022-22943,https://securityvulnerability.io/vulnerability/CVE-2022-22943,,"VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.",Vmware,Vmware Tools For Windows,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-03-03T21:59:08.000Z,0
CVE-2021-21999,https://securityvulnerability.io/vulnerability/CVE-2021-21999,,"VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.",Vmware,"Vmware Tools For Windows, Vmware Remote Console For Windows And Vmware App Volumes",7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2021-06-23T11:16:41.000Z,0
CVE-2021-21997,https://securityvulnerability.io/vulnerability/CVE-2021-21997,,"VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.",Vmware,Vmware Tools For Windows,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2021-06-18T12:41:17.000Z,0
CVE-2020-3972,https://securityvulnerability.io/vulnerability/CVE-2020-3972,,VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.,Vmware,Vmware Tools For Mac OS,3.3,LOW,0.0004400000034365803,false,false,false,false,,false,false,2020-06-19T17:29:36.000Z,0
CVE-2020-3941,https://securityvulnerability.io/vulnerability/CVE-2020-3941,,The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.,Vmware,Vmware Tools For Windows (vmware Tools),7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-01-15T19:03:19.000Z,0
CVE-2019-5522,https://securityvulnerability.io/vulnerability/CVE-2019-5522,,VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.,Vmware,Vmware Tools For Windows,7.1,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-06-06T19:00:03.000Z,0
CVE-2018-6969,https://securityvulnerability.io/vulnerability/CVE-2018-6969,,"VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.",Vmware,Vmware Tools,7,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2018-07-12T00:00:00.000Z,0
CVE-2015-5191,https://securityvulnerability.io/vulnerability/CVE-2015-5191,,"VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",Vmware,Vmware Tools,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2017-07-28T21:29:00.000Z,0