CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21999 – VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21999
23 Jun 2021 — VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. VMware Tools para Windows (versiones 11.x.y anteriores a 11.2.6), V... • https://www.vmware.com/security/advisories/VMSA-2021-0013.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3975
https://notcve.org/view.php?id=CVE-2020-3975
21 Aug 2020 — VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. VMware App Volumes versiones 2.x anteriores a 2.18.6 y VMware App Volumes versiones 4 anteriores a 2006, contienen una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado. Un actor... • https://www.vmware.com/security/advisories/VMSA-2020-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •