Fusion Security Vulnerabilities and Issues — Fusion CVE List

Lucene search

VmwareFusion

30 matches found

CVE•added 2019/10/10 5:15 p.m.•691 views

CVE-2019-5527

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

8.8CVSS8.6AI score0.00034EPSS

CVE•added 2023/04/25 9:15 p.m.•246 views

CVE-2023-20872

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

8.8CVSS8.5AI score0.00647EPSS

CVE•added 2022/12/14 7:15 p.m.•234 views

CVE-2022-31705

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESX...

8.2CVSS8.4AI score0.01266EPSS

Web

CVE•added 2020/03/16 6:15 p.m.•210 views

CVE-2020-3947

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service...

8.8CVSS8.7AI score0.00449EPSS

CVE•added 2020/11/20 8:15 p.m.•183 views

CVE-2020-4004

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a...

8.2CVSS7.8AI score0.00089EPSS

CVE•added 2023/04/25 10:15 p.m.•160 views

CVE-2023-20869

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

8.2CVSS8.4AI score0.0226EPSS

CVE•added 2018/08/15 12:29 p.m.•143 views

CVE-2018-6973

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

8.8CVSS8.7AI score0.00164EPSS

CVE•added 2018/10/16 8:0 p.m.•143 views

CVE-2018-6974

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

8.8CVSS8.6AI score0.00063EPSS

CVE•added 2017/09/15 1:29 p.m.•142 views

CVE-2017-4924

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

8.8CVSS8.7AI score0.00072EPSS

CVE•added 2018/12/04 2:29 p.m.•123 views

CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmx...

8.8CVSS8.7AI score0.07928EPSS

CVE•added 2017/12/20 3:29 p.m.•118 views

CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this...

8.8CVSS8.7AI score0.04776EPSS

Web

CVE•added 2019/04/01 9:30 p.m.•117 views

CVE-2019-5514

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware T...

8.8CVSS8.7AI score0.02119EPSS

CVE•added 2024/05/21 6:15 p.m.•101 views

CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a vi...

8.1CVSS7.1AI score0.00222EPSS

CVE•added 2018/07/09 8:29 p.m.•94 views

CVE-2018-6965

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user pri...

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2017/06/07 6:29 p.m.•93 views

CVE-2017-4902

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

8.8CVSS8.6AI score0.00062EPSS

CVE•added 2017/06/07 6:29 p.m.•92 views

CVE-2017-4903

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x...

8.8CVSS8.6AI score0.00067EPSS

CVE•added 2018/07/09 8:29 p.m.•86 views

CVE-2018-6966

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2017/12/20 3:29 p.m.•82 views

CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of th...

8.8CVSS8.7AI score0.07078EPSS

Web

CVE•added 2018/07/09 8:29 p.m.•81 views

CVE-2018-6967

8.1CVSS7.4AI score0.00392EPSS

CVE•added 2020/06/24 5:15 p.m.•79 views

CVE-2020-3962

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machi...

8.2CVSS8.1AI score0.00129EPSS

CVE•added 2017/06/07 6:29 p.m.•76 views

CVE-2017-4904

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and ...

8.8CVSS8.5AI score0.00055EPSS

CVE•added 2024/09/03 10:15 a.m.•75 views

CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

8.8CVSS8.4AI score0.00054EPSS

CVE•added 2021/09/15 1:15 p.m.•73 views

CVE-2020-3960

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a ...

8.4CVSS7.5AI score0.0013EPSS

CVE•added 2010/04/12 6:30 p.m.•67 views

CVE-2010-1142

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0...

8.5CVSS6.5AI score0.01109EPSS

CVE•added 2016/12/29 9:59 a.m.•65 views

CVE-2016-7461

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory acce...

8.8CVSS8.7AI score0.00147EPSS

CVE•added 2020/06/25 3:15 p.m.•62 views

CVE-2020-3968

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local admin...

8.2CVSS8.1AI score0.00096EPSS

CVE•added 2010/04/12 6:30 p.m.•60 views

CVE-2010-1141

8.5CVSS6.8AI score0.0545EPSS

CVE•added 2012/04/17 9:55 p.m.•51 views

CVE-2012-1518

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

8.3CVSS6.6AI score0.00908EPSS

CVE•added 2017/11/17 2:29 p.m.•49 views

CVE-2017-4934

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

8.8CVSS8.6AI score0.00047EPSS

CVE•added 2018/11/27 5:29 p.m.•48 views

CVE-2018-6983

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

8.8CVSS8.8AI score0.00058EPSS