https://www.vmware.com/security/advisories/VMSA-2013-0003.html
VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.
https://www.vmware.com/security/advisories/VMSA-2013-0002.html
VMware ESX, Workstation, Fusion, and View address a vulnerability in the VMCI.SYS driver which could result in a privilege escalation on Windows-based hosts and on Windows-based Guest Operating Systems.
(local escalation)
https://www.vmware.com/security/advisories/VMSA-2012-0011.html
Input data is not properly validated when loading Checkpoint files. This may allow an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
Mitigation: Do not import virtual machines from untrusted sources.
https://www.vmware.com/security/advisories/VMSA-2012-0009.html
VMware host memory overwrite vulnerability (function pointers)
Due to a flaw in the handler function for RPC commands, it is possible to manipulate function pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
Mitigation: Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue.
https://www.vmware.com/security/advisories/VMSA-2012-0007.html
The access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.
(local escalation)
https://www.vmware.com/security/advisories/VMSA-2012-0006.html
A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2 32-bit.
(local escalation)
https://www.vmware.com/security/advisories/VMSA-2012-0005.html
VMware Tools Display Driver Privilege Escalation
(local escalation on Windows)
...
https://www.vmware.com/security/advisories/VMSA-2009-0015.html
Local privilege escalation: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2267
Also reading files from the host: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733