- EPSS 0.08%
- Veröffentlicht 27.10.2023 05:15:39
- Zuletzt bearbeitet 06.03.2025 16:15:42
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
CVE-2023-34058
- EPSS 0.03%
- Veröffentlicht 27.10.2023 05:15:38
- Zuletzt bearbeitet 06.03.2025 16:15:41
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a...
CVE-2023-20900
- EPSS 0.84%
- Veröffentlicht 31.08.2023 10:15:08
- Zuletzt bearbeitet 21.11.2024 07:41:47
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if ...
CVE-2009-1142
- EPSS 0.03%
- Veröffentlicht 23.11.2022 18:15:10
- Zuletzt bearbeitet 25.04.2025 21:15:16
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.