89 matches found
CVE-2008-2100
CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...
CVE-2013-3519
CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...
CVE-2010-1205
CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...
CVE-2012-3569
CVE-2012-3569 is a format-string vulnerability in VMware OVF Tool 2.1 on Windows (affecting VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and related products). The flaw arises during OVF file parsing, enabling a attacker to achieve arbitrary code execution via a crafted OV...
CVE-2010-2249
CVE-2010-2249 affects libpng: memory leak in pngrutil.c when processing certain PNG chunks (notably sCAL). Versions affected are libpng before 1.2.44 and 1.4.x before 1.4.3; exploitation can cause a denial of service via memory consumption and application crash. Remediation per connected sources ...
CVE-2009-1244
CVE-2009-1244 is a VMware-hosted products issue where a guest OS could execute code on the host via the virtual machine display function. Affected products include VMware Server/Player/Workstation and related hosted ESX/ESXi components (as described in the CVE record). The root cause is described...
CVE-2015-6933
CVE-2015-6933 affects VMware Tools HGFS across VMware Workstation (11.x prior to 11.1.2), VMware Player (7.x prior to 7.1.2), VMware Fusion (7.x prior to 7.1.2), and VMware ESXi (5.0–6.0). Root cause: HGFS/shared folders component vulnerability leading to guest OS privilege escalation or guest ke...
CVE-2009-2267
CVE-2009-2267 affects VMware products (Workstation, Player, ACE, Server, Fusion, ESXi/ESX) where Virtual-8086 mode is used. The root cause is an improper setting of the exception code on a page fault (#PF), allowing guest OS users to gain privileges on the guest OS by supplying a crafted value fo...
CVE-2009-4811
CVE-2009-4811 describes a remote denial-of-service in VMware Authorization Service (vmware-authd) via a crafted sequence in USER and PASS that crashes the process. Affected products include VMware Workstation 7.0 (before 7.0.1 build 227600), VMware Workstation 6.5.x (before 6.5.4 build 246459), V...
CVE-2015-1043
Affected products and component: VMware HGFS in Workstation 10.x (before 10.0.5), VMware Player 6.x (before 6.0.5), and VMware Fusion 6.x (before 6.0.5) and 7.x (before 7.0.1). Vulnerability and impact: HGFS input validation flaw that allows guest OS users to cause a guest OS denial of service. T...
CVE-2009-3707
CVE-2009-3707 corresponds to a remote denial-of-service in VMware hosted products via a format-string vulnerability in the authentication path. The initial description names VMware Workstation 7.x (before 7.0.1 build 227600) and 6.5.x (before 6.5.4 build 246459), VMware Player 3.x (before 3.0.1 b...
CVE-2007-0062
CVE-2007-0062: The vulnerability affects ISC DHCPD 3.0.x (before 3.0.7) and 3.1.x (before 3.1.1), plus the DHCP servers in VMware Workstation/Player, ACE, and related products. It is caused by a stack-based buffer overflow triggered by a malformed DHCP packet with a large dhcp-max-message-size, p...
CVE-2008-3691
CVE-2008-3691 corresponds to an unspecified vulnerability in a VMware ActiveX control. Affected products include VMware Workstation 5.5.x up to 5.5.8-108000, VMware Workstation 6.0.x up to 6.0.5-109488, VMware Player 1.x up to 1.0.8-108000, VMware Player 2.x up to 2.0.5-109488, VMware ACE 1.x up ...
CVE-2010-1139
CVE-2010-1139 is a format-string vulnerability in VMware's vmrun (VMware VIX API 1.6.x) that may allow local users to execute code with the privileges of the listing user. Affected products/versions include VMware Workstation 6.5.x (before 6.5.4 build 246459), VMware Player 2.5.x (before 2.5.4 bu...
CVE-2014-8370
CVE-2014-8370 affects VMware products including Workstation 10.x before 10.0.5, Player 6.x before 6.0.5, Fusion 6.x before 6.0.5, and ESXi 5.0–5.5. The vulnerability allows host OS users to gain host privileges or cause a denial of service via an arbitrary write to a file by modifying a configura...
CVE-2015-2341
CVE-2015-2341 affects multiple VMware desktop products via a crafted RPC command that causes DoS in a 32-bit guest or 64-bit host. Affected versions include VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1. OpenVAS/NESS...
CVE-2008-4915
CVE-2008-4915 documents a privilege-escalation flaw in CPU hardware emulation across VMware products (Workstation, Player, Server, ESX/ESXi, and related variants) when running 32/64-bit guest OS. The trap-flag handling flaw allows an authenticated guest OS user to gain privileges on the guest OS....
CVE-2010-4297
CVE-2010-4297 describes an OS command injection flaw in the VMware Tools update functionality that affects multiple VMware products (Workstation, Player, Fusion, ESXi/ESX/Server, etc.). The root cause is improper validation of user-supplied input during tool update, allowing a local host user to ...
CVE-2015-2340
CVE-2015-2340 affects VMware desktop products on Windows: TPInt.dll (and related TPView.dll) memory handling flaws in VMware Workstation 10.x before 10.0.6, 11.x before 11.1.1; VMware Player 6.x before 6.0.6, 7.x before 7.1.1; and VMware Horizon Client 3.2.x/3.3.x/5.x. Root cause is improper memo...
CVE-2011-2145
CVE-2011-2145 affects VMware Tools HGFS. When a Solaris or FreeBSD guest OS is used, mount.vmhgfs in the Host/Guest File System can allow a guest OS user to write to arbitrary guest files via unspecified vectors due to a procedural error. Affected products and versions (from VMware/VMware Tools r...
CVE-2008-1361
The CVE-2008-1361 issue affects multiple VMware products (Workstation 6.0.x up to 6.0.3, 5.5.x up to 5.5.6; Player 2.0.x up to 2.0.3 and 1.0.x up to 1.0.6; ACE 2.0.x up to 2.0.1 and 1.0.x up to 1.0.5; Server 1.0.x up to 1.0.5 on Windows). The root cause is an unspecified manipulation that causes ...
CVE-2008-4917
CVE-2008-4917 is a memory corruption issue in VMware VM hardware where a guest can trigger an arbitrary physical-memory write, affecting VMware Workstation 5.5.8 and earlier, 6.x, VMware Player 1.0.8 and 2.x, VMware Server 1.0.9 and earlier, and ESXi/ESX 3.x. Root cause: mis-handling of a guest-t...
CVE-2008-3694
CVE-2008-3694 refers to an unspecified vulnerability in several VMware ActiveX controls (used by VMware Workstation, VMware Player, VMware ACE, and VMware Server). The description states it has unknown impact and remote attack vectors, and it is distinguished from related CVEs (2008-3691, -3692, ...
CVE-2007-0063
CVE-2007-0063 affects the DHCP server in VMware-related products (Workstation, Player, ACE, Server) prior to the listed builds. An integer underflow in the DHCP server can trigger a stack-based buffer overflow when processing malformed DHCP packets, enabling remote code execution. Mitigation in t...
CVE-2010-1142
CVE-2010-1142 affects VMware Tools across multiple VMware products (Workstation 6.5.x before 6.5.4, Player 2.5.x before 2.5.4, ACE 2.5.x before 2.5.4, Server 2.x before 2.0.2, Fusion 2.x before 2.0.6, ESXi/ESX family) where Windows guest users could gain privileges by placing a Trojan horse on th...
CVE-2014-1208
CVE-2014-1208 affects VMware products including Workstation 9.x (before 9.0.1), Player 5.x (before 5.0.1), Fusion 5.x (before 5.0.1), ESXi 4.0–5.1, and ESX 4.0–4.1. Root cause: handling of invalid port in VMX/ NFC path leads to guest-user–triggered denial of service (VMX process disruption). Impa...
CVE-2007-5671
CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to .\hgfs, enabling a guest user to modify kernel...
CVE-2008-1340
VMware VMCI vulnerability CVE-2008-1340 affects VMware Workstation 6.0.x prior to 6.0.3, VMware Player 2.0.x prior to 2.0.3, and VMware ACE 2.0.x prior to 2.0.1. The issue allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger memory exhaustion and memor...
CVE-2008-0923
CVE-2008-0923 is a directory traversal vulnerability in VMware’s Shared Folders feature (HGFS) that affects desktop products including VMware Workstation up to 6.0.2, Workstation 5.5.4, VMware Player 2.0.2 and 1.0.4, and VMware ACE 2.0.2 and 1.0.2 . The root cause is a mismatch between input vali...
CVE-2011-1787
The CVE-2011-1787 issue is a race condition in VMware HGFS (mount.vmhgfs) within the Host-Guest File System. Affected products include VMware Workstation 7.1.x (prior to 7.1.4), VMware Player 3.1.x (prior to 3.1.4), VMware Fusion 3.1.x (prior to 3.1.3), VMware ESXi 3.5–4.1, and VMware ESX 3.0.3–4...
CVE-2009-1805
CVE-2009-1805 concerns the VMware Descheduled Time Accounting DoS vulnerability. The issue affects multiple VMware products where the Descheduled Time Accounting Service is not running inside a Windows guest, allowing a guest OS user to cause a denial of service via unknown vectors. Affected prod...
CVE-2014-3793
CVE-2014-3793 affects VMware Tools across VMware Workstation 10.x (<10.0.2), VMware Player 6.x (<6.0.2), VMware Fusion 6.x (
CVE-2008-0967
CVE-2008-0967 describes a local privilege escalation in vmware-authd due to an untrusted library search path. A local user can gain privileges by manipulating a library path option in a configuration file. Affected products include VMware Workstation 5.x (before 5.5.7 build 91707), VMware Worksta...
CVE-2009-0909
VMware CVE-2009-0909 is the VNnc Codec heap overflow in VMware Workstation 6.5.x before 6.5.2 (build 156735), VMware Player 2.5.x before 2.5.2 (build 156735), VMware ACE 2.5.x before 2.5.2 (build 156735), and VMware Server 2.0.x before 2.0.1 (build 156745). It allows remote code execution via a c...
CVE-2012-1666
The CVE-2012-1666 entry describes an untrusted search path vulnerability in VMware Tools components across VMware Workstation (before 8.0.4), VMware Player (before 4.0.4), VMware Fusion (before 4.1.2), VMware View (before 5.1), and VMware ESX (4.1 before U3 and 5.0 before P03). The underlying iss...
CVE-2015-2338
This CVE set covers VMware’s TPView.dll memory allocation flaw that can cause host-denial-of-service from guest OS on Windows. Affected products and ranges include: VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1; VMware Player 6.x before 6.0.6 and 7.x before 7.1.1; VMware Horizon Cl...
CVE-2008-3692
CVE-2008-3692 is described as an unspecified vulnerability in a VMware ActiveX control affecting multiple VMware products: Workstation 5.5.x up to 5.5.8 (build 108000), Workstation 6.0.x up to 6.0.5 (build 109488), VMware Player 1.x up to 1.0.8 (108000), VMware Player 2.x up to 2.0.5 (109488), VM...
CVE-2015-2337
CVE-2015-2337 affects VMware’s TPInt.dll (and related TPView.dll) memory handling. VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1; VMware Player 6.x before 6.0.6 and 7.x before 7.1.1; and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows are...
CVE-2008-3696
CVE-2008-3696 corresponds to an unspecified vulnerability in VMware ActiveX controls used by VMware Workstation/Player/ACE/Server (across multiple versions). The connected NVD entry notes a remote, network-exploitable issue with unknown impact, affecting VMware ActiveX components across Workstati...
CVE-2009-3732
CVE-2009-3732 is a VMware Remote Console (VMrc) format-string vulnerability in vmware-vmrc.exe build 158248 that allows remote code execution via a malicious page or URL. Exploitation requires luring the VMrc user to open a crafted page; code executes with the privileges of the logged-on user. Th...
CVE-2010-1140
VMware Workstation 7.0 (before 7.0.1, build 227600) and VMware Player 3.0 (before 3.0.1, build 227600) on Windows are affected by CVE-2010-1140 through their USB service. Local host users can escalate privileges by placing a Trojan horse on the host OS disk. Affected products and builds are confi...
CVE-2012-1518
The CVE-2012-1518 issue affects VMware products due to an incorrect ACL on the VMware Tools folder that could let a guest OS user escalate privileges. Affected products/versions include VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESX...
CVE-2015-2339
CVE-2015-2339 affects VMware TPView.dll memory allocation in Windows-hosted VMware products. Affected: Workstation 10.x before 10.0.6, 11.x before 11.1.1; Player 6.x before 6.0.6, 7.x before 7.1.1; Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x before 5.4.2. The flaw (memory allocation issue) ...
CVE-2008-1364
CVE-2008-1364 describes an unspecified vulnerability in the DHCP service across multiple VMware products (Workstation 5.5.x before 5.5.6, Player 1.0.x before 1.0.6, ACE 1.0.x before 1.0.5, Server 1.0.x before 1.0.5, Fusion 1.1.x before 1.1.1) that allows an attacker to cause a denial of service. ...
CVE-2008-4279
CVE-2008-4279 details two VMware 64-bit guest emulation flaws that allow an authenticated guest to escalate privileges by triggering an exception that causes the virtual CPU to jump to a non-canonical address. Affected products include Workstation 6.0.x before 6.0.5 (109488), Workstation 5.x befo...
CVE-2010-3277
Summary: CVE-2010-3277 affects VMware Workstation 7.x (before 7.1.2 build 301548) and VMware Player 3.x (before 3.1.2 build 301548). The installer can render an index.htm file present in the installation directory, potentially causing local users to trigger unintended interpretation of web script...
CVE-2010-4295
CVE-2010-4295 describes a race condition in the mounting process of vmware-mount that could allow a local host user to gain privileges via temporary files. Affected products include VMware Workstation 7.x (before 7.1.2 on Linux), VMware Player 3.1.x (before 3.1.2 on Linux), VMware Server 2.0.2 (L...
CVE-2010-1141
CVE-2010-1141 affects VMware Tools and related VMware host components (Workstation, Player, ACE, Server, Fusion, ESXi/ESX). The flaw is improper access/loading of libraries, enabling a user-assisted remote attacker to trigger arbitrary code execution by convincing a Windows guest OS user to click...
CVE-2011-2146
CVE-2011-2146 concerns the VMware Host Guest File System (HGFS) disclosure issue. The description specifies that mount.vmhgfs in VMware Workstation (7.1.x before 7.1.4), VMware Player (3.1.x before 3.1.4), VMware Fusion (3.1.x before 3.1.3), and VMware ESXi/ESX (versions 3.5–4.1) allows guest OS ...
CVE-2007-4497
CVE-2007-4497 is an unspecified vulnerability affecting VMware products (Workstation prior to 5.5.5 Build 56455, Player prior to 1.0.5 Build 56455, Player 2 prior to 2.0.1 Build 55017, ACE prior to 1.0.3 Build 54075, ACE 2 prior to 2.0.1 Build 55017, and Server prior to 1.0.4 Build 56528). It all...