CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31693 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting <= 1.5.68 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-31693
19 Apr 2021 — The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. El complemento 10Web Photo Gallery hasta la versión 1.5.68 para WordPress permite Cross Site Scripting (XSS) a través de album_gallery_id_0, bwg_album_search_0 y type_0 p... • https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3972
https://notcve.org/view.php?id=CVE-2020-3972
19 Jun 2020 — VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. VMware Tools para macOS (versiones 11.x.x y versiones anteriores a 11.1.1), contiene una vulnerabilidad de denegación de servicio en la implementación del Host-Guest File System (HGFS). ... • https://www.vmware.com/security/advisories/VMSA-2020-0014.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3941
https://notcve.org/view.php?id=CVE-2020-3941
15 Jan 2020 — The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. La operación de reparación de VMware Tools para Windows versiones 10.x.y, tiene una condición de carrera que puede permitir una escalada de privilegios en la máquina virtual donde está instalado Tools. Esta vulnerabilida... • https://www.vmware.com/security/advisories/VMSA-2020-0002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5522
https://notcve.org/view.php?id=CVE-2019-5522
06 Jun 2019 — VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine. La actualización de VMware Tools para Windows corrige una vulnerabilidad de lectur... • http://www.securityfocus.com/bid/108673 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6969 – VMware Security Advisory 2018-0017
https://notcve.org/view.php?id=CVE-2018-6969
13 Jul 2018 — VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled. VMware Tools ( versiones 10.x y anteriores antes de la 10.3.0) contiene una vulnerabilidad de lectura fuera de límites en HGFS. La explotación exitosa de este problema podría conducir a una divulgac... • http://www.securityfocus.com/bid/104737 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5191
https://notcve.org/view.php?id=CVE-2015-5191
28 Jul 2017 — VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H VMware Tools anterior a versión 10.0.9, contiene múltiples carreras del sistemas de archivos en libDeployPkg, relacionada con el uso de paths codificadas en /tmp. La explotación con éxito de este problema puede resultar en una escalada de privilegios l... • http://www.securityfocus.com/bid/100011 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-7079
https://notcve.org/view.php?id=CVE-2016-7079
29 Dec 2016 — The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080. Las funciones de aceleración gráfica en VMware Tools 9.x y 10.x en versiones anteriores a 10.0.9 en OS X permiten a usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados, una ... • http://www.securityfocus.com/bid/92938 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-7080
https://notcve.org/view.php?id=CVE-2016-7080
29 Dec 2016 — The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079. Las funciones de aceleración gráfica en VMware Tools 9.x y 10.x en versiones anteriores a 10.0.9 en OS X permiten a usuarios locales obtener privilegios o provocar una denegación de servicio (Referencia a puntero NULL) a través de vectores no especificados, una ... • http://www.securityfocus.com/bid/92938 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2016-5328 – VMware Security Advisory 2016-0017
https://notcve.org/view.php?id=CVE-2016-5328
26 Oct 2016 — VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. VMware Tools 9.x y 10.x en versiones anteriores a 10.1.0 en OS X, cuando System Integrity Protection (SIP) está habilitado, permite a usuarios locales determinar las direcciones de memoria del kernel y eludir el mecanismo de protección kASLR a través de vectores no especificados. VMware p... • http://www.securityfocus.com/bid/93886 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 28%CPEs: 7EXPL: 3CVE-2016-5330 – VMware Host Guest Client Redirector - DLL Side Loading
https://notcve.org/view.php?id=CVE-2016-5330
08 Aug 2016 — Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 ... • https://packetstorm.news/files/id/138289 • CWE-426: Untrusted Search Path •