VMware Open Vm Tools
By the Year
In 2024 there have been 0 vulnerabilities in VMware Open Vm Tools . Last year Open Vm Tools had 2 security vulnerabilities published. Right now, Open Vm Tools is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.25 |
| 2022 | 2 | 6.85 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Open Vm Tools vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Open Vm Tools Security Vulnerabilities
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper
CVE-2023-34059
7 - High
- October 27, 2023
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
VMware Tools contains a SAML token signature bypass vulnerability
CVE-2023-34058
7.5 - High
- October 27, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
Improper Verification of Cryptographic Signature
An issue was discovered in open-vm-tools 2009.03.18-154848
CVE-2009-1143
7 - High
- November 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
insecure temporary file
An issue was discovered in open-vm-tools 2009.03.18-154848
CVE-2009-1142
6.7 - Medium
- November 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Open Vm Tools or by VMware? Click the Watch button to subscribe.
