Fusion Security Vulnerabilities and Issues — Page 2 of Fusion CVE List

Lucene search

VmwareFusion

130 matches found

CVE•added 2020/05/29 8:15 p.m.•97 views

CVE-2020-3958

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non...

5.5CVSS5.4AI score0.00095EPSS

CVE•added 2018/07/09 8:29 p.m.•93 views

CVE-2018-6965

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user pri...

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2017/06/07 6:29 p.m.•92 views

CVE-2017-4902

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

8.8CVSS8.6AI score0.00062EPSS

CVE•added 2017/06/07 6:29 p.m.•91 views

CVE-2017-4903

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x...

8.8CVSS8.6AI score0.00067EPSS

CVE•added 2019/04/15 6:29 p.m.•89 views

CVE-2019-5520

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have ac...

5.9CVSS5.8AI score0.0023EPSS

CVE•added 2020/10/20 5:15 p.m.•89 views

CVE-2020-3982

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administra...

7.7CVSS7.5AI score0.00239EPSS

CVE•added 2016/08/08 1:59 a.m.•88 views

CVE-2016-5330

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges...

7.8CVSS7.3AI score0.37267EPSS

CVE•added 2018/10/09 8:29 p.m.•86 views

CVE-2018-6977

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsi...

6.5CVSS6.3AI score0.00079EPSS

CVE•added 2019/04/02 3:29 p.m.•86 views

CVE-2019-5524

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.

9CVSS8.7AI score0.00808EPSS

CVE•added 2020/06/25 3:15 p.m.•86 views

CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 ...

5.5CVSS6.1AI score0.00043EPSS

CVE•added 2018/07/09 8:29 p.m.•84 views

CVE-2018-6966

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2024/05/14 4:16 p.m.•84 views

CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

9.3CVSS9.1AI score0.00114EPSS

CVE•added 2019/11/20 4:15 p.m.•83 views

CVE-2019-5542

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

7.7CVSS8.3AI score0.00313EPSS

CVE•added 2020/05/29 8:15 p.m.•83 views

CVE-2020-3959

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may b...

3.3CVSS4.1AI score0.00104EPSS

CVE•added 2023/04/25 10:15 p.m.•82 views

CVE-2023-20870

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

6CVSS7AI score0.00075EPSS

CVE•added 2017/09/15 1:29 p.m.•81 views

CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC reque...

5.5CVSS6AI score0.0019EPSS

CVE•added 2019/04/15 6:29 p.m.•81 views

CVE-2019-5517

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requ...

6.8CVSS6.5AI score0.00382EPSS

CVE•added 2018/07/09 8:29 p.m.•80 views

CVE-2018-6967

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2020/06/24 4:15 p.m.•80 views

CVE-2020-3969

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a vi...

7.8CVSS7.8AI score0.00115EPSS

CVE•added 2019/04/15 5:29 p.m.•78 views

CVE-2019-5516

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue...

6.8CVSS6.3AI score0.00438EPSS

CVE•added 2020/06/24 5:15 p.m.•78 views

CVE-2020-3962

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machi...

8.2CVSS8.1AI score0.00129EPSS

CVE•added 2015/01/29 6:59 p.m.•75 views

CVE-2014-8370

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

6.4CVSS4AI score0.01041EPSS

CVE•added 2017/06/07 6:29 p.m.•75 views

CVE-2017-4904

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and ...

8.8CVSS8.5AI score0.00102EPSS

CVE•added 2019/10/28 4:15 p.m.•75 views

CVE-2019-5536

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privi...

6.5CVSS6.3AI score0.01525EPSS

CVE•added 2020/10/20 5:15 p.m.•75 views

CVE-2020-3995

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to t...

5.3CVSS6AI score0.0038EPSS

CVE•added 2024/05/14 4:16 p.m.•75 views

CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

7.1CVSS6.6AI score0.00104EPSS

CVE•added 2024/09/03 10:15 a.m.•74 views

CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

8.8CVSS8.4AI score0.00054EPSS

CVE•added 2010/04/12 6:30 p.m.•73 views

CVE-2010-1139

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string s...

7.2CVSS6.4AI score0.00075EPSS

CVE•added 2011/06/06 7:55 p.m.•73 views

CVE-2011-2145

mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to ...

6.3CVSS6.4AI score0.00087EPSS

CVE•added 2015/06/13 2:59 p.m.•73 views

CVE-2015-2341

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

7.8CVSS6.3AI score0.0074EPSS

CVE•added 2017/12/20 3:29 p.m.•73 views

CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of th...

8.8CVSS8.7AI score0.07078EPSS

CVE•added 2020/06/25 3:15 p.m.•73 views

CVE-2020-3966

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with lo...

7.5CVSS7.6AI score0.0011EPSS

CVE•added 2010/12/06 9:5 p.m.•72 views

CVE-2010-4297

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 b...

7.2CVSS6.6AI score0.02573EPSS

CVE•added 2015/06/13 2:59 p.m.•72 views

CVE-2015-2340

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a h...

6.1CVSS6.2AI score0.00231EPSS

CVE•added 2021/09/15 1:15 p.m.•72 views

CVE-2020-3960

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a ...

8.4CVSS7.5AI score0.0013EPSS

CVE•added 2019/11/20 4:15 p.m.•69 views

CVE-2019-5540

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

7.7CVSS7.9AI score0.00855EPSS

CVE•added 2020/03/16 6:15 p.m.•69 views

CVE-2020-3948

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabl...

7.8CVSS7.8AI score0.00028EPSS

CVE•added 2020/06/25 3:15 p.m.•68 views

CVE-2020-3967

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a ...

7.5CVSS7.6AI score0.00142EPSS

CVE•added 2023/10/20 10:15 a.m.•67 views

CVE-2023-34045

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs duringinstallation for the first time (the user needs to drag or copy theapplication to a folder from the '.dmg' volume) or when installing anupgrade. A malicious actor with local non-administrative us...

7.8CVSS7.2AI score0.0012EPSS

CVE•added 2010/04/12 6:30 p.m.•66 views

CVE-2010-1142

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0...

8.5CVSS6.5AI score0.01109EPSS

CVE•added 2018/05/22 1:29 p.m.•65 views

CVE-2018-6963

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine...

5.5CVSS5.7AI score0.00064EPSS

CVE•added 2020/06/25 3:15 p.m.•65 views

CVE-2020-3970

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrativ...

3.8CVSS4.8AI score0.00084EPSS

CVE•added 2016/12/29 9:59 a.m.•64 views

CVE-2016-7461

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory acce...

8.8CVSS8.7AI score0.00147EPSS

CVE•added 2024/05/14 4:16 p.m.•64 views

CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual mac...

7.1CVSS7.2AI score0.00049EPSS

CVE•added 2009/06/01 7:30 p.m.•63 views

CVE-2009-1805

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 1479...

4CVSS6.2AI score0.00083EPSS

CVE•added 2011/06/06 7:55 p.m.•63 views

CVE-2011-1787

Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the gues...

6.9CVSS6.6AI score0.00067EPSS

CVE•added 2014/01/17 9:55 p.m.•63 views

CVE-2014-1208

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

3.3CVSS6.3AI score0.00242EPSS

CVE•added 2019/10/10 5:15 p.m.•63 views

CVE-2019-5535

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

4.7CVSS6.3AI score0.00074EPSS

CVE•added 2018/01/11 2:29 p.m.•62 views

CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by defau...

7CVSS6.2AI score0.00047EPSS

CVE•added 2018/01/11 2:29 p.m.•61 views

CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

7CVSS6.1AI score0.00071EPSS

Total number of security vulnerabilities130