CVE-2025-41236 VMXNET3 integer-overflow vulnerability

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

VMware多款产品 缓冲区错误漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...

VMware多款产品 缓冲区错误漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...

VMware多款产品 缓冲区错误漏洞

VMWare ESXi and others are products of VMWare, Inc. VMWare ESXi is an enterprise-grade Type-1 hypervisor developed by VMWare, Inc. that can be installed and run directly on physical server hardware without relying on the underlying operating system for efficient creation and management of virtual...

PT-2025-29585

Name of the Vulnerable Software and Affected Versions VMware ESXi, Workstation, and Fusion affected versions not specified Description The software contains an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local...

PT-2025-29584

Name of the Vulnerable Software and Affected Versions VMware ESXi, Workstation, and Fusion versions affected versions not specified Description VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local...

PT-2025-29586

Name of the Vulnerable Software and Affected Versions VMware ESXi affected versions not specified VMware Workstation affected versions not specified VMware Fusion affected versions not specified Description VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI...

VMware多款产品 安全漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a suite of virtual machine software, and VMware Fusion is a suite of virtual machine software specifically designed to run Windows applications on Macs. VMware Fusion is a sui...

PT-2025-29587

Name of the Vulnerable Software and Affected Versions: VMware ESXi VMware Workstation VMware Fusion VMware Tools Description: The software contains an information disclosure issue due to the use of uninitialized memory in vSockets. A malicious actor with local administrative privileges on a virtu...

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

Advisory ID: | VMSA-2025-0013 ---|--- Advisory Severity: | Critical CVSSv3 Range: | 6.2-9.3 Synopsis: | VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239 Issue date: | 2025-07-15 Updated on: |...

VMware Workstation 13.0.x < 13.6.4 / 17.0.x < 17.6.4 Multiple Vulnerabilities (VMSA-2025-0013)

The version of VMware Workstation installed on the remote host is 13.0.x prior to 13.6.4 or 17.0.x prior to 17.6.4. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version numbe...

Photon OS 4.0: Libxml2 PHSA-2025-4.0-0787

An update of the libxml2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0787. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Gobgp PHSA-2025-5.0-0548

An update of the gobgp package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0548. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

The vulnerability of the net/vmw_vsock/virtio_transport_common.c component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the net/vmwvsock/virtiotransportcommon.c component in the Linux operating system is related to information disclosure. Exploiting this vulnerability could allow an attacker to cause a service failure...

Photon OS 5.0: Krb5 PHSA-2025-5.0-0545

An update of the krb5 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0545. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Linux PHSA-2025-5.0-0545

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0545. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

USN-7595-5 linux-gcp, linux-gcp-6.8 vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

Security Bulletin: Broadcomm VMware ESXi Vulnerabilities affect IBM Cloud Pak System

Summary Broadcomm VMware ESXi Vulnerabilities affect IBM Cloud Pak SystemCVE-2025-22224, CVE-2025-22225,CVE-2025-22226 Vulnerability Details CVEID:CVE-2025-22224 DESCRIPTION: VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write...

CVE-2025-37101

A potential security vulnerability has been identified in HPE OneView for VMware vCenter OV4VC. This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation operator can perform admin actions...