Lucene search
K
VmwarePlayer

89 matches found

CVE
CVE
added 2008/06/05 8:21 p.m.1448 views

CVE-2008-2100

CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...

7.2CVSS7.3AI score0.00598EPSS
CVE
CVE
added 2013/12/04 3:0 p.m.432 views

CVE-2013-3519

CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...

7.9CVSS6.5AI score0.00506EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.320 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

9.8CVSS9.9AI score0.43382EPSS
CVE
CVE
added 2012/11/14 11:0 a.m.150 views

CVE-2012-3569

CVE-2012-3569 is a format-string vulnerability in VMware OVF Tool 2.1 on Windows (affecting VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and related products). The flaw arises during OVF file parsing, enabling a attacker to achieve arbitrary code execution via a crafted OV...

9.3CVSS7.4AI score0.47719EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.144 views

CVE-2010-2249

CVE-2010-2249 affects libpng: memory leak in pngrutil.c when processing certain PNG chunks (notably sCAL). Versions affected are libpng before 1.2.44 and 1.4.x before 1.4.3; exploitation can cause a denial of service via memory consumption and application crash. Remediation per connected sources ...

6.5CVSS7.4AI score0.02628EPSS
CVE
CVE
added 2009/04/13 4:0 p.m.135 views

CVE-2009-1244

CVE-2009-1244 is a VMware-hosted products issue where a guest OS could execute code on the host via the virtual machine display function. Affected products include VMware Server/Player/Workstation and related hosted ESX/ESXi components (as described in the CVE record). The root cause is described...

6.8CVSS6.8AI score0.01998EPSS
CVE
CVE
added 2016/01/09 2:0 a.m.134 views

CVE-2015-6933

CVE-2015-6933 affects VMware Tools HGFS across VMware Workstation (11.x prior to 11.1.2), VMware Player (7.x prior to 7.1.2), VMware Fusion (7.x prior to 7.1.2), and VMware ESXi (5.0–6.0). Root cause: HGFS/shared folders component vulnerability leading to guest OS privilege escalation or guest ke...

6.5CVSS6.1AI score0.0151EPSS
CVE
CVE
added 2009/11/02 3:0 p.m.124 views

CVE-2009-2267

CVE-2009-2267 affects VMware products (Workstation, Player, ACE, Server, Fusion, ESXi/ESX) where Virtual-8086 mode is used. The root cause is an improper setting of the exception code on a page fault (#PF), allowing guest OS users to gain privileges on the guest OS by supplying a crafted value fo...

6.9CVSS6.6AI score0.01769EPSS
In wild
CVE
CVE
added 2010/04/27 3:0 p.m.121 views

CVE-2009-4811

CVE-2009-4811 describes a remote denial-of-service in VMware Authorization Service (vmware-authd) via a crafted sequence in USER and PASS that crashes the process. Affected products include VMware Workstation 7.0 (before 7.0.1 build 227600), VMware Workstation 6.5.x (before 6.5.4 build 246459), V...

5CVSS6.4AI score0.02759EPSS
CVE
CVE
added 2015/01/29 6:0 p.m.118 views

CVE-2015-1043

Affected products and component: VMware HGFS in Workstation 10.x (before 10.0.5), VMware Player 6.x (before 6.0.5), and VMware Fusion 6.x (before 6.0.5) and 7.x (before 7.0.1). Vulnerability and impact: HGFS input validation flaw that allows guest OS users to cause a guest OS denial of service. T...

3.3CVSS3.6AI score0.00786EPSS
CVE
CVE
added 2009/10/16 4:0 p.m.100 views

CVE-2009-3707

CVE-2009-3707 corresponds to a remote denial-of-service in VMware hosted products via a format-string vulnerability in the authentication path. The initial description names VMware Workstation 7.x (before 7.0.1 build 227600) and 6.5.x (before 6.5.4 build 246459), VMware Player 3.x (before 3.0.1 b...

5CVSS6.4AI score0.11106EPSS
CVE
CVE
added 2007/09/21 6:0 p.m.97 views

CVE-2007-0062

CVE-2007-0062: The vulnerability affects ISC DHCPD 3.0.x (before 3.0.7) and 3.1.x (before 3.1.1), plus the DHCP servers in VMware Workstation/Player, ACE, and related products. It is caused by a stack-based buffer overflow triggered by a malformed DHCP packet with a large dhcp-max-message-size, p...

10CVSS7.7AI score0.07618EPSS
CVE
CVE
added 2008/09/03 2:0 p.m.96 views

CVE-2008-3691

CVE-2008-3691 corresponds to an unspecified vulnerability in a VMware ActiveX control. Affected products include VMware Workstation 5.5.x up to 5.5.8-108000, VMware Workstation 6.0.x up to 6.0.5-109488, VMware Player 1.x up to 1.0.8-108000, VMware Player 2.x up to 2.0.5-109488, VMware ACE 1.x up ...

10CVSS6.5AI score0.03912EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.95 views

CVE-2010-1139

CVE-2010-1139 is a format-string vulnerability in VMware's vmrun (VMware VIX API 1.6.x) that may allow local users to execute code with the privileges of the listing user. Affected products/versions include VMware Workstation 6.5.x (before 6.5.4 build 246459), VMware Player 2.5.x (before 2.5.4 bu...

7.2CVSS6.4AI score0.00333EPSS
CVE
CVE
added 2015/01/29 6:0 p.m.92 views

CVE-2014-8370

CVE-2014-8370 affects VMware products including Workstation 10.x before 10.0.5, Player 6.x before 6.0.5, Fusion 6.x before 6.0.5, and ESXi 5.0–5.5. The vulnerability allows host OS users to gain host privileges or cause a denial of service via an arbitrary write to a file by modifying a configura...

6.4CVSS4AI score0.04189EPSS
CVE
CVE
added 2015/06/13 2:0 p.m.90 views

CVE-2015-2341

CVE-2015-2341 affects multiple VMware desktop products via a crafted RPC command that causes DoS in a 32-bit guest or 64-bit host. Affected versions include VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1. OpenVAS/NESS...

7.8CVSS6.3AI score0.01917EPSS
CVE
CVE
added 2008/11/10 11:0 a.m.89 views

CVE-2008-4915

CVE-2008-4915 documents a privilege-escalation flaw in CPU hardware emulation across VMware products (Workstation, Player, Server, ESX/ESXi, and related variants) when running 32/64-bit guest OS. The trap-flag handling flaw allows an authenticated guest OS user to gain privileges on the guest OS....

6.9CVSS6.5AI score0.00408EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.89 views

CVE-2010-4297

CVE-2010-4297 describes an OS command injection flaw in the VMware Tools update functionality that affects multiple VMware products (Workstation, Player, Fusion, ESXi/ESX/Server, etc.). The root cause is improper validation of user-supplied input during tool update, allowing a local host user to ...

7.2CVSS6.6AI score0.0517EPSS
Web
CVE
CVE
added 2015/06/13 2:0 p.m.89 views

CVE-2015-2340

CVE-2015-2340 affects VMware desktop products on Windows: TPInt.dll (and related TPView.dll) memory handling flaws in VMware Workstation 10.x before 10.0.6, 11.x before 11.1.1; VMware Player 6.x before 6.0.6, 7.x before 7.1.1; and VMware Horizon Client 3.2.x/3.3.x/5.x. Root cause is improper memo...

6.1CVSS6.2AI score0.00659EPSS
CVE
CVE
added 2011/06/06 7:0 p.m.88 views

CVE-2011-2145

CVE-2011-2145 affects VMware Tools HGFS. When a Solaris or FreeBSD guest OS is used, mount.vmhgfs in the Host/Guest File System can allow a guest OS user to write to arbitrary guest files via unspecified vectors due to a procedural error. Affected products and versions (from VMware/VMware Tools r...

6.3CVSS6.4AI score0.00319EPSS
CVE
CVE
added 2008/03/20 12:0 a.m.85 views

CVE-2008-1361

The CVE-2008-1361 issue affects multiple VMware products (Workstation 6.0.x up to 6.0.3, 5.5.x up to 5.5.6; Player 2.0.x up to 2.0.3 and 1.0.x up to 1.0.6; ACE 2.0.x up to 2.0.1 and 1.0.x up to 1.0.5; Server 1.0.x up to 1.0.5 on Windows). The root cause is an unspecified manipulation that causes ...

6.8CVSS6.7AI score0.00347EPSS
CVE
CVE
added 2008/12/09 12:0 a.m.85 views

CVE-2008-4917

CVE-2008-4917 is a memory corruption issue in VMware VM hardware where a guest can trigger an arbitrary physical-memory write, affecting VMware Workstation 5.5.8 and earlier, 6.x, VMware Player 1.0.8 and 2.x, VMware Server 1.0.9 and earlier, and ESXi/ESX 3.x. Root cause: mis-handling of a guest-t...

7.2CVSS6.5AI score0.00462EPSS
CVE
CVE
added 2008/09/03 2:0 p.m.84 views

CVE-2008-3694

CVE-2008-3694 refers to an unspecified vulnerability in several VMware ActiveX controls (used by VMware Workstation, VMware Player, VMware ACE, and VMware Server). The description states it has unknown impact and remote attack vectors, and it is distinguished from related CVEs (2008-3691, -3692, ...

10CVSS6.5AI score0.0356EPSS
CVE
CVE
added 2007/09/21 6:0 p.m.83 views

CVE-2007-0063

CVE-2007-0063 affects the DHCP server in VMware-related products (Workstation, Player, ACE, Server) prior to the listed builds. An integer underflow in the DHCP server can trigger a stack-based buffer overflow when processing malformed DHCP packets, enabling remote code execution. Mitigation in t...

10CVSS7.4AI score0.20413EPSS
CVE
CVE
added 2014/01/17 7:0 p.m.82 views

CVE-2014-1208

CVE-2014-1208 affects VMware products including Workstation 9.x (before 9.0.1), Player 5.x (before 5.0.1), Fusion 5.x (before 5.0.1), ESXi 4.0–5.1, and ESX 4.0–4.1. Root cause: handling of invalid port in VMX/ NFC path leads to guest-user–triggered denial of service (VMX process disruption). Impa...

3.3CVSS6.3AI score0.00676EPSS
CVE
CVE
added 2008/06/05 8:21 p.m.81 views

CVE-2007-5671

CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to .\hgfs, enabling a guest user to modify kernel...

4.4CVSS6.8AI score0.00388EPSS
CVE
CVE
added 2008/03/20 12:0 a.m.81 views

CVE-2008-1340

VMware VMCI vulnerability CVE-2008-1340 affects VMware Workstation 6.0.x prior to 6.0.3, VMware Player 2.0.x prior to 2.0.3, and VMware ACE 2.0.x prior to 2.0.1. The issue allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger memory exhaustion and memor...

7.1CVSS6.3AI score0.01736EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.81 views

CVE-2010-1142

CVE-2010-1142 affects VMware Tools across multiple VMware products (Workstation 6.5.x before 6.5.4, Player 2.5.x before 2.5.4, ACE 2.5.x before 2.5.4, Server 2.x before 2.0.2, Fusion 2.x before 2.0.6, ESXi/ESX family) where Windows guest users could gain privileges by placing a Trojan horse on th...

8.5CVSS6.5AI score0.01641EPSS
CVE
CVE
added 2008/02/26 12:0 a.m.80 views

CVE-2008-0923

CVE-2008-0923 is a directory traversal vulnerability in VMware’s Shared Folders feature (HGFS) that affects desktop products including VMware Workstation up to 6.0.2, Workstation 5.5.4, VMware Player 2.0.2 and 1.0.4, and VMware ACE 2.0.2 and 1.0.2 . The root cause is a mismatch between input vali...

6.9CVSS6.3AI score0.00486EPSS
CVE
CVE
added 2011/06/06 7:0 p.m.80 views

CVE-2011-1787

The CVE-2011-1787 issue is a race condition in VMware HGFS (mount.vmhgfs) within the Host-Guest File System. Affected products include VMware Workstation 7.1.x (prior to 7.1.4), VMware Player 3.1.x (prior to 3.1.4), VMware Fusion 3.1.x (prior to 3.1.3), VMware ESXi 3.5–4.1, and VMware ESX 3.0.3–4...

6.9CVSS6.6AI score0.00241EPSS
CVE
CVE
added 2009/06/01 7:0 p.m.79 views

CVE-2009-1805

CVE-2009-1805 concerns the VMware Descheduled Time Accounting DoS vulnerability. The issue affects multiple VMware products where the Descheduled Time Accounting Service is not running inside a Windows guest, allowing a guest OS user to cause a denial of service via unknown vectors. Affected prod...

4CVSS6.2AI score0.00331EPSS
CVE
CVE
added 2014/05/31 10:0 a.m.79 views

CVE-2014-3793

CVE-2014-3793 affects VMware Tools across VMware Workstation 10.x (<10.0.2), VMware Player 6.x (<6.0.2), VMware Fusion 6.x (

5.8CVSS6.6AI score0.01147EPSS
CVE
CVE
added 2008/06/05 8:21 p.m.78 views

CVE-2008-0967

CVE-2008-0967 describes a local privilege escalation in vmware-authd due to an untrusted library search path. A local user can gain privileges by manipulating a library path option in a configuration file. Affected products include VMware Workstation 5.x (before 5.5.7 build 91707), VMware Worksta...

6.9CVSS6.7AI score0.00356EPSS
CVE
CVE
added 2009/04/06 3:0 p.m.78 views

CVE-2009-0909

VMware CVE-2009-0909 is the VNnc Codec heap overflow in VMware Workstation 6.5.x before 6.5.2 (build 156735), VMware Player 2.5.x before 2.5.2 (build 156735), VMware ACE 2.5.x before 2.5.2 (build 156735), and VMware Server 2.0.x before 2.0.1 (build 156745). It allows remote code execution via a c...

9.3CVSS7AI score0.04627EPSS
CVE
CVE
added 2015/06/13 2:0 p.m.77 views

CVE-2015-2338

This CVE set covers VMware’s TPView.dll memory allocation flaw that can cause host-denial-of-service from guest OS on Windows. Affected products and ranges include: VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1; VMware Player 6.x before 6.0.6 and 7.x before 7.1.1; VMware Horizon Cl...

6.1CVSS6.3AI score0.00659EPSS
CVE
CVE
added 2008/09/03 2:0 p.m.76 views

CVE-2008-3692

CVE-2008-3692 is described as an unspecified vulnerability in a VMware ActiveX control affecting multiple VMware products: Workstation 5.5.x up to 5.5.8 (build 108000), Workstation 6.0.x up to 6.0.5 (build 109488), VMware Player 1.x up to 1.0.8 (108000), VMware Player 2.x up to 2.0.5 (109488), VM...

10CVSS6.5AI score0.0356EPSS
CVE
CVE
added 2012/09/08 10:0 a.m.76 views

CVE-2012-1666

The CVE-2012-1666 entry describes an untrusted search path vulnerability in VMware Tools components across VMware Workstation (before 8.0.4), VMware Player (before 4.0.4), VMware Fusion (before 4.1.2), VMware View (before 5.1), and VMware ESX (4.1 before U3 and 5.0 before P03). The underlying iss...

6.9CVSS6.3AI score0.00784EPSS
CVE
CVE
added 2015/06/13 2:0 p.m.76 views

CVE-2015-2337

CVE-2015-2337 affects VMware’s TPInt.dll (and related TPView.dll) memory handling. VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1; VMware Player 6.x before 6.0.6 and 7.x before 7.1.1; and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows are...

5.8CVSS7.4AI score0.00747EPSS
CVE
CVE
added 2008/09/03 2:0 p.m.75 views

CVE-2008-3696

CVE-2008-3696 corresponds to an unspecified vulnerability in VMware ActiveX controls used by VMware Workstation/Player/ACE/Server (across multiple versions). The connected NVD entry notes a remote, network-exploitable issue with unknown impact, affecting VMware ActiveX components across Workstati...

10CVSS6.5AI score0.03564EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.75 views

CVE-2009-3732

CVE-2009-3732 is a VMware Remote Console (VMrc) format-string vulnerability in vmware-vmrc.exe build 158248 that allows remote code execution via a malicious page or URL. Exploitation requires luring the VMrc user to open a crafted page; code executes with the privileges of the logged-on user. Th...

10CVSS6.9AI score0.162EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.75 views

CVE-2010-1140

VMware Workstation 7.0 (before 7.0.1, build 227600) and VMware Player 3.0 (before 3.0.1, build 227600) on Windows are affected by CVE-2010-1140 through their USB service. Local host users can escalate privileges by placing a Trojan horse on the host OS disk. Affected products and builds are confi...

6.9CVSS6.4AI score0.00318EPSS
CVE
CVE
added 2012/04/17 9:0 p.m.75 views

CVE-2012-1518

The CVE-2012-1518 issue affects VMware products due to an incorrect ACL on the VMware Tools folder that could let a guest OS user escalate privileges. Affected products/versions include VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESX...

8.3CVSS6.6AI score0.01719EPSS
CVE
CVE
added 2015/06/13 2:0 p.m.75 views

CVE-2015-2339

CVE-2015-2339 affects VMware TPView.dll memory allocation in Windows-hosted VMware products. Affected: Workstation 10.x before 10.0.6, 11.x before 11.1.1; Player 6.x before 6.0.6, 7.x before 7.1.1; Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x before 5.4.2. The flaw (memory allocation issue) ...

6.1CVSS6.3AI score0.00659EPSS
CVE
CVE
added 2008/03/20 12:0 a.m.74 views

CVE-2008-1364

CVE-2008-1364 describes an unspecified vulnerability in the DHCP service across multiple VMware products (Workstation 5.5.x before 5.5.6, Player 1.0.x before 1.0.6, ACE 1.0.x before 1.0.5, Server 1.0.x before 1.0.5, Fusion 1.1.x before 1.1.1) that allows an attacker to cause a denial of service. ...

7.8CVSS6.3AI score0.0204EPSS
CVE
CVE
added 2008/10/06 6:0 p.m.74 views

CVE-2008-4279

CVE-2008-4279 details two VMware 64-bit guest emulation flaws that allow an authenticated guest to escalate privileges by triggering an exception that causes the virtual CPU to jump to a non-canonical address. Affected products include Workstation 6.0.x before 6.0.5 (109488), Workstation 5.x befo...

6.8CVSS6.3AI score0.00393EPSS
CVE
CVE
added 2010/09/28 5:0 p.m.73 views

CVE-2010-3277

Summary: CVE-2010-3277 affects VMware Workstation 7.x (before 7.1.2 build 301548) and VMware Player 3.x (before 3.1.2 build 301548). The installer can render an index.htm file present in the installation directory, potentially causing local users to trigger unintended interpretation of web script...

2.1CVSS8.5AI score0.00308EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.73 views

CVE-2010-4295

CVE-2010-4295 describes a race condition in the mounting process of vmware-mount that could allow a local host user to gain privileges via temporary files. Affected products include VMware Workstation 7.x (before 7.1.2 on Linux), VMware Player 3.1.x (before 3.1.2 on Linux), VMware Server 2.0.2 (L...

6.9CVSS6.6AI score0.00285EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.72 views

CVE-2010-1141

CVE-2010-1141 affects VMware Tools and related VMware host components (Workstation, Player, ACE, Server, Fusion, ESXi/ESX). The flaw is improper access/loading of libraries, enabling a user-assisted remote attacker to trigger arbitrary code execution by convincing a Windows guest OS user to click...

8.5CVSS6.8AI score0.03802EPSS
CVE
CVE
added 2011/06/06 7:0 p.m.72 views

CVE-2011-2146

CVE-2011-2146 concerns the VMware Host Guest File System (HGFS) disclosure issue. The description specifies that mount.vmhgfs in VMware Workstation (7.1.x before 7.1.4), VMware Player (3.1.x before 3.1.4), VMware Fusion (3.1.x before 3.1.3), and VMware ESXi/ESX (versions 3.5–4.1) allows guest OS ...

2.1CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2007/09/21 6:0 p.m.71 views

CVE-2007-4497

CVE-2007-4497 is an unspecified vulnerability affecting VMware products (Workstation prior to 5.5.5 Build 56455, Player prior to 1.0.5 Build 56455, Player 2 prior to 2.0.1 Build 55017, ACE prior to 1.0.3 Build 54075, ACE 2 prior to 2.0.1 Build 55017, and Server prior to 1.0.4 Build 56528). It all...

5.5CVSS6.1AI score0.00826EPSS
Total number of security vulnerabilities89