Fusion@* Security Vulnerabilities and Issues — Page 2 of Fusion@* CVE List

Lucene search

VmwareFusion*

93 matches found

CVE•added 2019/04/02 3:29 p.m.•86 views

CVE-2019-5524

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.

9CVSS8.7AI score0.00808EPSS

CVE•added 2020/06/25 3:15 p.m.•86 views

CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 ...

5.5CVSS6.1AI score0.00043EPSS

CVE•added 2018/07/09 8:29 p.m.•84 views

CVE-2018-6966

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user pri...

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2024/05/14 4:16 p.m.•84 views

CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

9.3CVSS9.1AI score0.00114EPSS

CVE•added 2019/11/20 4:15 p.m.•83 views

CVE-2019-5542

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

7.7CVSS8.3AI score0.00313EPSS

CVE•added 2020/05/29 8:15 p.m.•83 views

CVE-2020-3959

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may b...

3.3CVSS4.1AI score0.00104EPSS

CVE•added 2023/04/25 10:15 p.m.•82 views

CVE-2023-20870

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

6CVSS7AI score0.00075EPSS

CVE•added 2017/09/15 1:29 p.m.•81 views

CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC reque...

5.5CVSS6AI score0.0019EPSS

CVE•added 2019/04/15 6:29 p.m.•81 views

CVE-2019-5517

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requ...

6.8CVSS6.5AI score0.00382EPSS

CVE•added 2018/07/09 8:29 p.m.•80 views

CVE-2018-6967

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2020/06/24 4:15 p.m.•80 views

CVE-2020-3969

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a vi...

7.8CVSS7.8AI score0.00115EPSS

CVE•added 2019/04/15 5:29 p.m.•78 views

CVE-2019-5516

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue...

6.8CVSS6.3AI score0.00438EPSS

CVE•added 2020/06/24 5:15 p.m.•78 views

CVE-2020-3962

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machi...

8.2CVSS8.1AI score0.00129EPSS

CVE•added 2017/06/07 6:29 p.m.•75 views

CVE-2017-4904

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and ...

8.8CVSS8.5AI score0.00102EPSS

CVE•added 2019/10/28 4:15 p.m.•75 views

CVE-2019-5536

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privi...

6.5CVSS6.3AI score0.01525EPSS

CVE•added 2020/10/20 5:15 p.m.•75 views

CVE-2020-3995

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to t...

5.3CVSS6AI score0.0038EPSS

CVE•added 2024/05/14 4:16 p.m.•75 views

CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

7.1CVSS6.6AI score0.00104EPSS

CVE•added 2024/09/03 10:15 a.m.•74 views

CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

8.8CVSS8.4AI score0.00054EPSS

CVE•added 2017/12/20 3:29 p.m.•73 views

CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of th...

8.8CVSS8.7AI score0.07078EPSS

CVE•added 2020/06/25 3:15 p.m.•73 views

CVE-2020-3966

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with lo...

7.5CVSS7.6AI score0.0011EPSS

CVE•added 2021/09/15 1:15 p.m.•72 views

CVE-2020-3960

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a ...

8.4CVSS7.5AI score0.0013EPSS

CVE•added 2019/11/20 4:15 p.m.•69 views

CVE-2019-5540

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

7.7CVSS7.9AI score0.00855EPSS

CVE•added 2020/03/16 6:15 p.m.•69 views

CVE-2020-3948

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabl...

7.8CVSS7.8AI score0.00028EPSS

CVE•added 2020/06/25 3:15 p.m.•68 views

CVE-2020-3967

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a ...

7.5CVSS7.6AI score0.00142EPSS

CVE•added 2023/10/20 10:15 a.m.•67 views

CVE-2023-34045

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs duringinstallation for the first time (the user needs to drag or copy theapplication to a folder from the '.dmg' volume) or when installing anupgrade. A malicious actor with local non-administrative us...

7.8CVSS7.2AI score0.0012EPSS

CVE•added 2018/05/22 1:29 p.m.•65 views

CVE-2018-6963

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine...

5.5CVSS5.7AI score0.00064EPSS

CVE•added 2020/06/25 3:15 p.m.•65 views

CVE-2020-3970

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrativ...

3.8CVSS4.8AI score0.00084EPSS

CVE•added 2024/05/14 4:16 p.m.•64 views

CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual mac...

7.1CVSS7.2AI score0.00049EPSS

CVE•added 2009/06/01 7:30 p.m.•63 views

CVE-2009-1805

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 1479...

4CVSS6.2AI score0.00083EPSS

CVE•added 2019/10/10 5:15 p.m.•63 views

CVE-2019-5535

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

4.7CVSS6.3AI score0.00074EPSS

CVE•added 2018/01/11 2:29 p.m.•62 views

CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by defau...

7CVSS6.2AI score0.00047EPSS

CVE•added 2018/01/11 2:29 p.m.•61 views

CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

7CVSS6.1AI score0.00071EPSS

CVE•added 2019/11/20 4:15 p.m.•61 views

CVE-2019-5541

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-servic...

9.1CVSS9.3AI score0.00744EPSS

CVE•added 2020/06/25 3:15 p.m.•61 views

CVE-2020-3968

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local admin...

8.2CVSS8.1AI score0.00096EPSS

CVE•added 2019/04/02 3:29 p.m.•60 views

CVE-2019-5515

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but...

9CVSS8.7AI score0.01043EPSS

CVE•added 2009/01/20 4:0 p.m.•59 views

CVE-2009-0177

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 b...

5CVSS6.4AI score0.12382EPSS

CVE•added 2012/09/08 10:28 a.m.•57 views

CVE-2012-1666

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the curre...

6.9CVSS6.3AI score0.00272EPSS

CVE•added 2023/10/20 9:15 a.m.•57 views

CVE-2023-34046

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use)vulnerability that occurs during installation for the first time (theuser needs to drag or copy the application to a folder from the '.dmg'volume) or when installing an upgrade. A malicious actor with local non-administr...

7CVSS6.8AI score0.00141EPSS

CVE•added 2009/10/16 4:30 p.m.•50 views

CVE-2009-3281

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

7.2CVSS6.4AI score0.00182EPSS

CVE•added 2018/05/22 1:29 p.m.•49 views

CVE-2018-6962

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.

7.8CVSS6.2AI score0.00048EPSS

CVE•added 2018/11/27 5:29 p.m.•47 views

CVE-2018-6983

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

8.8CVSS8.8AI score0.00058EPSS

CVE•added 2024/05/14 4:16 p.m.•46 views

CVE-2024-22269

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

7.1CVSS6.2AI score0.00049EPSS

CVE•added 2009/10/16 4:30 p.m.•41 views

CVE-2009-3282

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

7.8CVSS6.4AI score0.00442EPSS

Total number of security vulnerabilities93