Search
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||
| CVE-2019-5527 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2022-06-02 | 7.2 HIGH | 8.8 HIGH |
| ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | |||||
| CVE-2018-6974 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-06-02 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2021-22043 | 1 Vmware | 2 Esxi, Fusion | 2022-02-24 | 6.0 MEDIUM | 7.5 HIGH |
| VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. | |||||
| CVE-2017-4904 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2022-02-07 | 7.2 HIGH | 8.8 HIGH |
| The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. | |||||
| CVE-2018-6981 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. | |||||
| CVE-2018-6966 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. | |||||
| CVE-2018-6967 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966. | |||||
| CVE-2017-4941 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2018-6965 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967. | |||||
| CVE-2017-4933 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2017-4924 | 1 Vmware | 3 Esxi, Fusion, Workstation Pro | 2022-02-03 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4903 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2022-02-03 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4902 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2022-02-03 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. | |||||
| CVE-2021-22045 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2022-01-27 | 6.9 MEDIUM | 7.8 HIGH |
| VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. | |||||
| CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2021-11-05 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2020-3960 | 1 Vmware | 3 Fusion, Vsphere Esxi, Workstation | 2021-09-28 | 3.6 LOW | 8.4 HIGH |
| VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. | |||||
| CVE-2020-3957 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2021-09-08 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | |||||
| CVE-2020-3974 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. | |||||
| CVE-2020-3948 | 1 Vmware | 2 Fusion, Workstation | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. | |||||
| CVE-2019-5542 | 1 Vmware | 2 Fusion, Workstation | 2021-07-21 | 4.0 MEDIUM | 7.7 HIGH |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. | |||||
| CVE-2019-5514 | 1 Vmware | 1 Fusion | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. | |||||
| CVE-2020-4004 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2020-12-03 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
| CVE-2020-3982 | 2 Apple, Vmware | 6 Mac Os X, Cloud Foundation, Esxi and 3 more | 2020-10-30 | 4.9 MEDIUM | 7.7 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. | |||||
| CVE-2019-5540 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2020-08-24 | 4.0 MEDIUM | 7.7 HIGH |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process. | |||||
| CVE-2020-3969 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 7.8 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3962 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. | |||||
| CVE-2020-3967 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 7.5 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3966 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 3.7 LOW | 7.5 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3968 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3947 | 1 Vmware | 2 Fusion, Workstation | 2020-03-20 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | |||||
| CVE-2018-6962 | 1 Vmware | 1 Fusion | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | |||||
| CVE-2019-5515 | 1 Vmware | 2 Fusion, Workstation | 2019-05-29 | 9.0 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest. | |||||
| CVE-2019-5524 | 1 Vmware | 2 Fusion, Workstation | 2019-04-04 | 9.0 HIGH | 8.8 HIGH |
| VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host. | |||||
| CVE-2018-6983 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2018-12-19 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. | |||||
| CVE-2018-6973 | 1 Vmware | 2 Fusion, Workstation | 2018-10-15 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4950 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2018-02-13 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. | |||||
| CVE-2017-4949 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2018-02-13 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. | |||||
| CVE-2017-4934 | 1 Vmware | 2 Fusion, Workstation | 2017-12-03 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2016-7461 | 2 Microsoft, Vmware | 5 Windows, Fusion, Fusion Pro and 2 more | 2017-07-28 | 7.2 HIGH | 8.8 HIGH |
| The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. | |||||