Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/517621?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517621?format=api", "purl": "pkg:deb/debian/open-vm-tools@1:8.4.2-261024-1", "type": "deb", "namespace": "debian", "name": "open-vm-tools", "version": "1:8.4.2-261024-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:12.2.0-1+deb12u4", "latest_non_vulnerable_version": "2:12.2.0-1+deb12u4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96115?format=api", "vulnerability_id": "VCID-2ak5-jm4u-4uh6", "summary": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23036", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2299", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22936", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2294", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631508", "reference_id": "631508", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631508" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517623?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:8.8.0%2B2012.05.21-724730-1%2Bnmu2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-6beb-tmzd-37hc" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-spwc-kvav-e7b7" }, { "vulnerability": "VCID-v335-wfw4-tbce" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:8.8.0%252B2012.05.21-724730-1%252Bnmu2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-2145" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ak5-jm4u-4uh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92114?format=api", "vulnerability_id": "VCID-3hq6-cp8y-p7g5", "summary": "open-vm-tools: SAML token signature bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12285", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12391", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12392", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12356", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12275", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666", "reference_id": "1054666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246080", "reference_id": "2246080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246080" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5543", "reference_id": "dsa-5543", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5543" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", "reference_id": "G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", "reference_id": "MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", "reference_id": "msg00002.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7260", "reference_id": "RHSA-2023:7260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7261", "reference_id": "RHSA-2023:7261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7262", "reference_id": "RHSA-2023:7262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7263", "reference_id": "RHSA-2023:7263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7264", "reference_id": "RHSA-2023:7264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7265", "reference_id": "RHSA-2023:7265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7267", "reference_id": "RHSA-2023:7267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7276", "reference_id": "RHSA-2023:7276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7277", "reference_id": "RHSA-2023:7277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7279", "reference_id": "RHSA-2023:7279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7279" }, { "reference_url": "https://usn.ubuntu.com/6463-1/", "reference_id": "USN-6463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6463-1/" }, { "reference_url": "https://usn.ubuntu.com/6463-2/", "reference_id": "USN-6463-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6463-2/" }, { "reference_url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", "reference_id": "VMSA-2023-0024.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", "reference_id": "WLTKVTRKQW2GD2274H3UOW6XU4E62GSK", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:26:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511316?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:11.2.5-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-p124-ddy9-qydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:11.2.5-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-34058" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hq6-cp8y-p7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81886?format=api", "vulnerability_id": "VCID-3zga-us5x-3kbb", "summary": "open-vm-tools: Insecure file handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55883", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55893", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55881", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55863", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55887", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105159", "reference_id": "1105159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364261", "reference_id": "2364261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364261" }, { "reference_url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683", "reference_id": "25683", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T12:14:29Z/" } ], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683" }, { "reference_url": "https://usn.ubuntu.com/7508-1/", "reference_id": "USN-7508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7508-1/" }, { "reference_url": "https://usn.ubuntu.com/7508-2/", "reference_id": "USN-7508-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7508-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511317?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:12.2.0-1%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:12.2.0-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-22247" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zga-us5x-3kbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96122?format=api", "vulnerability_id": "VCID-561f-96ak-mkf7", "summary": "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31676.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31676.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20908", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20983", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20969", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20925", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2086", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20863", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018012", "reference_id": "1018012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018012" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118714", "reference_id": "2118714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118714" }, { "reference_url": "https://security.gentoo.org/glsa/202210-27", "reference_id": "GLSA-202210-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6354", "reference_id": "RHSA-2022:6354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6355", "reference_id": "RHSA-2022:6355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6356", "reference_id": "RHSA-2022:6356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6357", "reference_id": "RHSA-2022:6357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6358", "reference_id": "RHSA-2022:6358", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6358" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6381", "reference_id": "RHSA-2022:6381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6381" }, { "reference_url": "https://usn.ubuntu.com/5578-1/", "reference_id": "USN-5578-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5578-1/" }, { "reference_url": "https://usn.ubuntu.com/5578-2/", "reference_id": "USN-5578-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5578-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511316?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:11.2.5-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-p124-ddy9-qydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:11.2.5-2%252Bdeb11u3" } ], "aliases": [ "CVE-2022-31676" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-561f-96ak-mkf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96119?format=api", "vulnerability_id": "VCID-6beb-tmzd-37hc", "summary": "vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4200.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12661", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12746", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1275", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12712", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12631", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165900", "reference_id": "1165900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165900" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809", "reference_id": "770809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/531890?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8" } ], "aliases": [ "CVE-2014-4200" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6beb-tmzd-37hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96121?format=api", "vulnerability_id": "VCID-9dah-9m6p-pyhc", "summary": "VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20601", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.205", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20613", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2054", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20559", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20491", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253689", "reference_id": "1253689", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253689" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869633", "reference_id": "869633", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869633" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/575723?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:10.3.0-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:10.3.0-1~bpo8%252B1" } ], "aliases": [ "CVE-2015-5191" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dah-9m6p-pyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94291?format=api", "vulnerability_id": "VCID-9r6f-5urj-qkgv", "summary": "open-vm-tools: SAML token signature bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74527", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74558", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74564", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74554", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74536", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74563", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050970", "reference_id": "1050970", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236542", "reference_id": "2236542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5210", "reference_id": "RHSA-2023:5210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5213", "reference_id": "RHSA-2023:5213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5216", "reference_id": "RHSA-2023:5216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5217", "reference_id": "RHSA-2023:5217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5218", "reference_id": "RHSA-2023:5218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5220", "reference_id": "RHSA-2023:5220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5312", "reference_id": "RHSA-2023:5312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5313", "reference_id": "RHSA-2023:5313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5315", "reference_id": "RHSA-2024:5315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5315" }, { "reference_url": "https://usn.ubuntu.com/6365-1/", "reference_id": "USN-6365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6365-1/" }, { "reference_url": "https://usn.ubuntu.com/6365-2/", "reference_id": "USN-6365-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6365-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511316?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:11.2.5-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-p124-ddy9-qydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:11.2.5-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-20900" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9r6f-5urj-qkgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74517?format=api", "vulnerability_id": "VCID-d6gc-nra8-gka8", "summary": "open-vm-tools: Local privilege escalation in open-vm-tools", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41244.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41244.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-41244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67562", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67574", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67563", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67547", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67568", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-41244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397752", "reference_id": "2397752", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397752" }, { "reference_url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149", "reference_id": "36149", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-10-30T03:56:00Z/" } ], "url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17428", "reference_id": "RHSA-2025:17428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17429", "reference_id": "RHSA-2025:17429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17445", "reference_id": "RHSA-2025:17445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17446", "reference_id": "RHSA-2025:17446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17452", "reference_id": "RHSA-2025:17452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17509", "reference_id": "RHSA-2025:17509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17510", "reference_id": "RHSA-2025:17510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17511", "reference_id": "RHSA-2025:17511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17512", "reference_id": "RHSA-2025:17512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17512" }, { "reference_url": "https://usn.ubuntu.com/7785-1/", "reference_id": "USN-7785-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7785-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511317?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:12.2.0-1%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:12.2.0-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-41244" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6gc-nra8-gka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96113?format=api", "vulnerability_id": "VCID-jefv-ed2f-9fd6", "summary": "vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25234", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25331", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25314", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25265", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25207", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25215", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1681" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623968", "reference_id": "623968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517623?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:8.8.0%2B2012.05.21-724730-1%2Bnmu2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-6beb-tmzd-37hc" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-spwc-kvav-e7b7" }, { "vulnerability": "VCID-v335-wfw4-tbce" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:8.8.0%252B2012.05.21-724730-1%252Bnmu2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-1681" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jefv-ed2f-9fd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96111?format=api", "vulnerability_id": "VCID-r4xh-rg6n-uud7", "summary": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14649", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14742", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1475", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14708", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14626", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1142" }, { "reference_url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", "reference_id": "2009.03.18-154848", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T20:49:01Z/" } ], "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158065", "reference_id": "2158065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158065" }, { "reference_url": "https://bugs.gentoo.org/264577", "reference_id": "264577", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T20:49:01Z/" } ], "url": "https://bugs.gentoo.org/264577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517623?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:8.8.0%2B2012.05.21-724730-1%2Bnmu2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-6beb-tmzd-37hc" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-spwc-kvav-e7b7" }, { "vulnerability": "VCID-v335-wfw4-tbce" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:8.8.0%252B2012.05.21-724730-1%252Bnmu2%252Bdeb7u1" } ], "aliases": [ "CVE-2009-1142" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4xh-rg6n-uud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78419?format=api", "vulnerability_id": "VCID-spwc-kvav-e7b7", "summary": "The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3237.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22305", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22292", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22245", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22191", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22205", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3237" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706557", "reference_id": "706557", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706557" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=956158", "reference_id": "956158", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956158" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/531890?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8" } ], "aliases": [ "CVE-2013-3237" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spwc-kvav-e7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96116?format=api", "vulnerability_id": "VCID-tz8e-e7rn-b3dw", "summary": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24447", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24549", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24539", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24483", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24425", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24435", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2146" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631507", "reference_id": "631507", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631507" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517623?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:8.8.0%2B2012.05.21-724730-1%2Bnmu2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-6beb-tmzd-37hc" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-spwc-kvav-e7b7" }, { "vulnerability": "VCID-v335-wfw4-tbce" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:8.8.0%252B2012.05.21-724730-1%252Bnmu2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-2146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tz8e-e7rn-b3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96117?format=api", "vulnerability_id": "VCID-v335-wfw4-tbce", "summary": "vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4199.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07167", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07199", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07205", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07191", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07148", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07169", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165899", "reference_id": "1165899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165899" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809", "reference_id": "770809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809" }, { "reference_url": "https://usn.ubuntu.com/7714-1/", "reference_id": "USN-7714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7714-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/531890?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:9.4.6-1770165-8" } ], "aliases": [ "CVE-2014-4199" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v335-wfw4-tbce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96114?format=api", "vulnerability_id": "VCID-wa2j-ezc5-duat", "summary": "Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20897", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20972", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20958", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20913", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20848", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20851", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1787" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631506", "reference_id": "631506", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631506" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517623?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:8.8.0%2B2012.05.21-724730-1%2Bnmu2%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hq6-cp8y-p7g5" }, { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-561f-96ak-mkf7" }, { "vulnerability": "VCID-6beb-tmzd-37hc" }, { "vulnerability": "VCID-9dah-9m6p-pyhc" }, { "vulnerability": "VCID-9r6f-5urj-qkgv" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-spwc-kvav-e7b7" }, { "vulnerability": "VCID-v335-wfw4-tbce" }, { "vulnerability": "VCID-xj8d-pp6g-83eh" }, { "vulnerability": "VCID-z8km-q1nq-fueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:8.8.0%252B2012.05.21-724730-1%252Bnmu2%252Bdeb7u1" } ], "aliases": [ "CVE-2011-1787" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wa2j-ezc5-duat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92120?format=api", "vulnerability_id": "VCID-xj8d-pp6g-83eh", "summary": "open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23234", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23344", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23329", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23284", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2323", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/26/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/26/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/27/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666", "reference_id": "1054666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/27/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246096", "reference_id": "2246096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246096" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/27/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/3" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5543", "reference_id": "dsa-5543", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5543" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", "reference_id": "G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", "reference_id": "MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", "reference_id": "msg00002.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7260", "reference_id": "RHSA-2023:7260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7261", "reference_id": "RHSA-2023:7261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7262", "reference_id": "RHSA-2023:7262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7263", "reference_id": "RHSA-2023:7263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7264", "reference_id": "RHSA-2023:7264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7265", "reference_id": "RHSA-2023:7265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7267", "reference_id": "RHSA-2023:7267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7276", "reference_id": "RHSA-2023:7276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7277", "reference_id": "RHSA-2023:7277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7279", "reference_id": "RHSA-2023:7279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7279" }, { "reference_url": "https://usn.ubuntu.com/6463-1/", "reference_id": "USN-6463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6463-1/" }, { "reference_url": "https://usn.ubuntu.com/6463-2/", "reference_id": "USN-6463-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6463-2/" }, { "reference_url": "https://usn.ubuntu.com/7714-1/", "reference_id": "USN-7714-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7714-1/" }, { "reference_url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", "reference_id": "VMSA-2023-0024.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", "reference_id": "WLTKVTRKQW2GD2274H3UOW6XU4E62GSK", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-06T15:38:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511316?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:11.2.5-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-p124-ddy9-qydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:11.2.5-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-34059" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj8d-pp6g-83eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95949?format=api", "vulnerability_id": "VCID-z8km-q1nq-fueu", "summary": "open-vm-tools: authentication bypass vulnerability in the vgauth module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20867.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0219", "scoring_system": "epss", "scoring_elements": "0.84718", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0219", "scoring_system": "epss", "scoring_elements": "0.84719", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0219", "scoring_system": "epss", "scoring_elements": "0.84722", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0219", "scoring_system": "epss", "scoring_elements": "0.84716", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0219", "scoring_system": "epss", "scoring_elements": "0.84705", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02946", "scoring_system": "epss", "scoring_elements": "0.86705", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037546", "reference_id": "1037546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037546" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/16/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213087", "reference_id": "2213087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213087" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5493", "reference_id": "dsa-5493", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5493" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html", "reference_id": "msg00020.html", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230725-0001/", "reference_id": "ntap-20230725-0001", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230725-0001/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", "reference_id": "NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3944", "reference_id": "RHSA-2023:3944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3945", "reference_id": "RHSA-2023:3945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3946", "reference_id": "RHSA-2023:3946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3947", "reference_id": "RHSA-2023:3947", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3948", "reference_id": "RHSA-2023:3948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3949", "reference_id": "RHSA-2023:3949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3950", "reference_id": "RHSA-2023:3950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3950" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", "reference_id": "TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/" }, { "reference_url": "https://usn.ubuntu.com/6257-1/", "reference_id": "USN-6257-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6257-1/" }, { "reference_url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html", "reference_id": "VMSA-2023-0013.html", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", "reference_id": "ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:00:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511316?format=api", "purl": "pkg:deb/debian/open-vm-tools@2:11.2.5-2%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zga-us5x-3kbb" }, { "vulnerability": "VCID-d6gc-nra8-gka8" }, { "vulnerability": "VCID-p124-ddy9-qydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@2:11.2.5-2%252Bdeb11u3" } ], "aliases": [ "CVE-2023-20867" ], "risk_score": 7.0, "exploitability": "2.0", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8km-q1nq-fueu" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/open-vm-tools@1:8.4.2-261024-1" }