
CVE-2023-34059 – open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
https://notcve.org/view.php?id=CVE-2023-34059
27 Oct 2023 — open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. A flaw was found... • http://www.openwall.com/lists/oss-security/2023/10/27/2 • CWE-266: Incorrect Privilege Assignment CWE-404: Improper Resource Shutdown or Release •

CVE-2023-34058 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-34058
27 Oct 2023 — VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c... • http://www.openwall.com/lists/oss-security/2023/10/27/1 • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •

CVE-2023-34057
https://notcve.org/view.php?id=CVE-2023-34057
27 Oct 2023 — VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. • https://www.vmware.com/security/advisories/VMSA-2023-0024.html • CWE-269: Improper Privilege Management •

CVE-2023-20900 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-20900
31 Aug 2023 — A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . ... • http://www.openwall.com/lists/oss-security/2023/08/31/1 • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature •

CVE-2023-20867 – VMware Tools Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-20867
13 Jun 2023 — A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authenti... • http://www.openwall.com/lists/oss-security/2023/10/16/11 • CWE-287: Improper Authentication •

CVE-2022-31693
https://notcve.org/view.php?id=CVE-2022-31693
07 Jun 2023 — VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. • https://security.netapp.com/advisory/ntap-20221223-0009 • CWE-404: Improper Resource Shutdown or Release •

CVE-2009-1142
https://notcve.org/view.php?id=CVE-2009-1142
23 Nov 2022 — An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. • https://bugs.gentoo.org/264577 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2009-1143
https://notcve.org/view.php?id=CVE-2009-1143
23 Nov 2022 — An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). ... • https://bugs.gentoo.org/264577 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2022-31691
https://notcve.org/view.php?id=CVE-2022-31691
04 Nov 2022 — Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. ... • https://github.com/SpindleSec/CVE-2022-31691 •

CVE-2022-31676 – open-vm-tools: local root privilege escalation in the virtual machine
https://notcve.org/view.php?id=CVE-2022-31676
23 Aug 2022 — VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. A flaw was found in op... • http://www.openwall.com/lists/oss-security/2022/08/23/3 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •