Fusion@* Security Vulnerabilities and Issues — Fusion@* CVE List

Lucene search

VmwareFusion*

10 matches found

CVE•added 2024/03/05 6:15 p.m.•220 views

CVE-2024-22255

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

7.1CVSS7.7AI score0.03411EPSS

CVE•added 2024/03/05 6:15 p.m.•137 views

CVE-2024-22252

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitat...

9.3CVSS9.5AI score0.00327EPSS

CVE•added 2024/03/05 6:15 p.m.•110 views

CVE-2024-22253

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitat...

9.3CVSS9.5AI score0.00061EPSS

CVE•added 2024/02/29 1:44 a.m.•103 views

CVE-2024-22251

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

5.9CVSS5.4AI score0.0006EPSS

CVE•added 2024/05/21 6:15 p.m.•100 views

CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a vi...

8.1CVSS7.1AI score0.00229EPSS

CVE•added 2024/05/14 4:16 p.m.•84 views

CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

9.3CVSS9.1AI score0.00114EPSS

CVE•added 2024/05/14 4:16 p.m.•75 views

CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

7.1CVSS6.6AI score0.00104EPSS

CVE•added 2024/09/03 10:15 a.m.•74 views

CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

8.8CVSS8.4AI score0.00054EPSS

CVE•added 2024/05/14 4:16 p.m.•64 views

CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual mac...

7.1CVSS7.2AI score0.00049EPSS

CVE•added 2024/05/14 4:16 p.m.•46 views

CVE-2024-22269

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

7.1CVSS6.2AI score0.00049EPSS