Skip to main content

Tools

30 CVEs product

Monthly

CVE-2025-41244 HIGH POC KEV PATCH THREAT Act Now

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation VMware Aria Operations Cloud Foundation Cloud Foundation Operations +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34058 HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass Open Vm Tools Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34057 HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31676 HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools Debian Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-22977 HIGH This Week

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Microsoft XXE Tools
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-22943 MEDIUM This Month

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

VMware Microsoft Information Disclosure Tools
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2021-21999 HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL VMware App Volumes +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-21997 MEDIUM PATCH This Month

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure VMware Tools
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3972 LOW Monitor

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Apple Tools
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-3941 HIGH This Week

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Microsoft VMware Tools
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-5522 HIGH This Week

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft VMware +1
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2018-6969 HIGH PATCH This Week

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Rated high severity (CVSS 7.0).

VMware Information Disclosure Buffer Overflow Tools
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2015-5191 MEDIUM This Month

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Rated medium severity (CVSS 6.7). No vendor patch available.

Race Condition VMware Privilege Escalation Tools
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-9923 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9922 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9921 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9920 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9919 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9918 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9917 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9916 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9915 HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "Read Access Violation on Block Data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-9530 HIGH This Week

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Irfanview Tools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-7080 HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7079 HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5328 MEDIUM This Month

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Tools
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-5330 HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player Workstation Pro ESXi +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.5%
CVE-2014-4200 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Tools Vm Support Workstation
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-4199 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure VMware Tools Vm Support Workstation
NVD
CVSS 2.0
6.3
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation VMware Aria Operations +9
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Microsoft +2
NVD VulDB
EPSS 1% CVSS 6.7
MEDIUM This Month

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

VMware Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure VMware +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Apple +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Microsoft +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Rated high severity (CVSS 7.0).

VMware Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Rated medium severity (CVSS 6.7). No vendor patch available.

Race Condition VMware Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Irfanview +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tools
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "Read Access Violation on Block Data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Tools
NVD
EPSS 25% CVSS 7.8
HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player +4
NVD Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Tools +2
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure VMware Tools +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy