Vulnerabilities fixed in VMware Workstation, Fusion & ESXi

VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User right...

VMSA-2020-0005:VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities

Advisory ID: VMSA-2020-0005.2 CVSSv3 Range: 3.2-7.3 Issue Date:2020-03-17 Updated On: 2020-03-24 CVEs: CVE-2020-3950, CVE-2020-3951 Synopsis: VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities...

CVE-2019-5540

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process...

CVE-2019-5541

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service...

VMSA-2017-0018:VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities

VMSA-2017-0018.1 VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0018.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation,...

CVE-2017-4901

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...

Code injection

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; an...

VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation (remote check)

VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0014remote.nasl 6093 2017-05-10 09:03:18Z teissa $...