CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21999 – VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21999
23 Jun 2021 — VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. VMware Tools para Windows (versiones 11.x.y anteriores a 11.2.6), V... • https://www.vmware.com/security/advisories/VMSA-2021-0013.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3974
https://notcve.org/view.php?id=CVE-2020-3974
10 Jul 2020 — VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), V... • https://www.vmware.com/security/advisories/VMSA-2020-0017.html •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3957
https://notcve.org/view.php?id=CVE-2020-3957
29 May 2020 — VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), VMware Remote... • https://www.vmware.com/security/advisories/VMSA-2020-0011.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 14%CPEs: 4EXPL: 6CVE-2020-3950 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3950
17 Mar 2020 — VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. VMware Fusion (versiones 11.x anteriores a 11.5.2), VMware Remote Console for Mac (ver... • https://packetstorm.news/files/id/157079 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5543
https://notcve.org/view.php?id=CVE-2019-5543
16 Mar 2020 — For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. Para VMware Horizon Client for Windows (versiones 5.x y anteriores a 5.3.0), VMware Remote Console for Wi... • https://www.vmware.com/security/advisories/VMSA-2020-0004.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 187EXPL: 0CVE-2019-5527 – VMware Security Advisory 2019-0014
https://notcve.org/view.php?id=CVE-2019-5527
20 Sep 2019 — ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. ESXi, Workstation, Fusion, VMRC y Horizon Client contienen una vulnerabilidad uso de la memoria previamente liberada en el dispositivo de sonido virtual. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Importante con un puntaje bas... • https://www.vmware.com/security/advisories/VMSA-2019-0014.html • CWE-416: Use After Free •