Product
vmware tools
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-41244
>= 12.5.0 and < 12.5.4
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-admi
7.8
HIGH
CVE-2023-34058
>= 10.3.0 and < 12.3.5
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privi
7.1
HIGH
CVE-2023-34057
>= 10.3.0 and < 12.1.1
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual mac
7.8
HIGH
CVE-2023-20900
>= 10.3.0 and < 12.3.0
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security
7.1
HIGH
CVE-2023-20867
>= 10.3.0 and < 12.2.5
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiali
3.9
LOW
CVE-2022-31693
>= 10.0.0 and < 12.1.5
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driv
5.5
MEDIUM
CVE-2022-31676
>= 10.0.0 and < 12.1.0
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-adm
7.8
HIGH
CVE-2022-22977
>= 10.0.0 and <= 10.3.24
VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with no
7.1
HIGH
CVE-2022-22943
>= 10.0.0 and < 12.0.0
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor
6.7
MEDIUM
CVE-2021-21999
>= 11.0.0 and < 11.2.6
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (
7.8
HIGH
CVE-2021-21997
>= 11.0.0 and < 11.3.0
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious act
5.5
MEDIUM
CVE-2020-3972
>= 11.0.0 and < 11.1.1
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (
3.3
LOW
CVE-2020-3941
>= 10.0.0 and < 11.0.0
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtu
7.0
HIGH
CVE-2019-5522
>= 10.0.0 and < 10.3.10
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in
7.1
HIGH
CVE-2018-6969
< 10.3.0
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this
7.0
HIGH
CVE-2015-5191
<= 10.0.8
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tm
6.7
MEDIUM
CVE-2017-9923
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9922
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9921
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9920
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9919
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9918
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code
7.8
HIGH
CVE-2017-9917
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecif
7.8
HIGH
CVE-2017-9916
all versions
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecif
7.8
HIGH
CVE-2017-9915
all versions
IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via
7.8
HIGH
CVE-2017-9530
<= 4.50
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, re
7.8
HIGH
CVE-2016-7080
<= 10.0.8
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or caus
7.8
HIGH
CVE-2016-7079
<= 10.0.8
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or caus
7.8
HIGH
CVE-2016-5328
<= 10.0.8
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determin
5.5
MEDIUM
CVE-2016-5330
>= 9.0.0 and <= 10.3.22
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0
7.8
HIGH
CVE-2014-4200
all versions
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions f
CVE-2014-4199
all versions
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to w
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin