Lucene search
K
VmwareWorkstation Pro

27 matches found

CVE
CVE
added 2022/02/16 4:37 p.m.247 views

CVE-2021-22040

Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...

6.7CVSS7.2AI score0.00698EPSS
CVE
CVE
added 2017/09/15 1:0 p.m.166 views

CVE-2017-4924

CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...

8.8CVSS8.7AI score0.00608EPSS
CVE
CVE
added 2018/03/15 7:0 p.m.139 views

CVE-2018-6957

CVE-2018-6957 affects VMware Workstation Pro/Player (14.x prior to 14.1.1; 12.x) and VMware Fusion (10.x prior to 10.1.1 and 8.x). The vulnerability is a denial-of-service that can be triggered by opening a large number of VNC sessions; exploitation requires VNC to be manually enabled. Public-fac...

5.3CVSS5.1AI score0.01654EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.135 views

CVE-2017-4905

CVE-2017-4905 affects VMware ESXi (multiple versions) and VMware Workstation/Fusion up to specific builds, caused by uninitialized memory usage that could leak information. Connected documents provide concrete details: affected products/versions, the root cause (uninitialized memory), and impact ...

5.5CVSS6.5AI score0.01204EPSS
CVE
CVE
added 2017/09/15 1:0 p.m.113 views

CVE-2017-4925

CVE-2017-4925 is a NULL pointer dereference vulnerability that occurs when handling guest RPC requests, enabling a locally authenticated attacker with normal user privileges to crash affected VMs. Affected products/versions include VMware ESXi 6.5 (without patch ESXi650-201707101-SG), 6.0 (withou...

5.5CVSS6AI score0.00384EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.112 views

CVE-2017-4903

CVE-2017-4903 corresponds to an uninitialized stack memory usage in SVGA affecting VMware products. Affected: ESXi 6.5 and older 6.x/5.5 builds listed as without patches (e.g., ESXi650-201703410-SG; ESXi600-201703401-SG; ESXi600-201703403-SG; ESXi600-201703402-SG; ESXi550-201703401-SG); Workstati...

8.8CVSS8.6AI score0.0041EPSS
CVE
CVE
added 2017/05/22 2:0 p.m.111 views

CVE-2017-4915

Summary (validated data): CVE-2017-4915 is a local privilege-escalation vulnerability in VMware Workstation Pro/Player on Linux caused by insecure loading of libraries via the ALSA sound driver configuration files (.asoundrc). The issue allows unprivileged host users to elevate privileges to root...

7.8CVSS7.4AI score0.05413EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.108 views

CVE-2017-4902

CVE-2017-4902 refers to a Heap Buffer Overflow in SVGA that can allow a guest to execute code on the host. Affected products are: VMware ESXi 6.5 (without patch ESXi650-201703410-SG) and ESXi 5.5 (without patch ESXi550-201703401-SG); VMware Workstation Pro/Player 12.x before 12.5.5; VMware Fusion...

8.8CVSS8.6AI score0.00518EPSS
CVE
CVE
added 2016/08/08 1:0 a.m.101 views

CVE-2016-5330

CVE-2016-5330 describes a local privilege-escalation in VMware HGFS (Shared Folders) where a Trojan horse DLL loaded from the current working directory or other insecure paths can be executed with the rights of the affected guest/user. The vulnerability affects multiple VMware products and versio...

7.8CVSS7.3AI score0.1802EPSS
CVE
CVE
added 2017/12/20 3:0 p.m.97 views

CVE-2017-4933

Summary: CVE-2017-4933 affects VMware ESXi (6.5 prior to ESXi650-201710401-BG), VMware Workstation (12.x prior to 12.5.8), and VMware Fusion (8.x prior to 8.5.9). It describes a heap overflow in the VNC component that can be triggered by a specific set of VNC packets in an authenticated VNC sessi...

8.8CVSS8.7AI score0.03571EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.95 views

CVE-2017-4904

CVE-2017-4904 concerns VMware products with uninitialized memory usage in the XHCI controller, potentially allowing a guest to execute code on the host. Affected: VMware ESXi (versions 5.5 and later) without patches ESXi650-201703410-SG, ESXi600-201703401-SG, ESXi600-201703403-SG, ESXi600-2017034...

8.8CVSS8.5AI score0.00427EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.81 views

CVE-2016-7461

CVE-2016-7461 affects VMware desktop products via a drag-and-drop (DnD) and copy-paste (CnP) memory handling bug in the DnD/CnP RPC path. The issue allows a guest OS user to execute arbitrary code on the host or cause a host DoS through an out-of-bounds memory access. Affected: VMware Workstation...

8.8CVSS8.7AI score0.00542EPSS
CVE
CVE
added 2020/09/16 4:17 p.m.78 views

CVE-2020-3990

VMware Workstation (15.x) and Horizon Client for Windows (5.x prior to 5.4.4) are affected by CVE-2020-3990 due to an integer overflow in Cortado ThinPrint. A local attacker with access to a guest VM can exploit this to disclose memory from the TPView process, only if virtual printing is enabled ...

6.5CVSS6.3AI score0.00324EPSS
CVE
CVE
added 2020/09/16 4:14 p.m.76 views

CVE-2020-3988

CVE-2020-3988 affects VMware Workstation 15.x and Horizon Client for Windows 5.x (pre-5.4.4). The issue is an out-of-bounds read in the Cortado ThinPrint JPEG2000 parser, which can allow a local attacker with VM access to cause a partial DoS or leak memory from TPView. Evidence from multiple sour...

6.1CVSS5.9AI score0.00301EPSS
CVE
CVE
added 2020/09/16 4:13 p.m.75 views

CVE-2020-3986

CVE-2020-3986 affects VMware Workstation 15.x and Horizon Client for Windows 5.x (before 5.4.4). The issue is an out-of-bounds read in the Cortado ThinPrint EMF Parser, allowing a user with normal access to a VM to cause partial DoS or memory leakage in the TPView process. Modes of exploitation a...

6.1CVSS5.9AI score0.00301EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.73 views

CVE-2017-4898

CVE-2017-4898 affects VMware Workstation Pro/Player 12.x prior to 12.5.3. The issue is a DLL loading vulnerability in the vmware-vmx process caused by loading DLLs from a path defined in a local environment variable, which may allow a local attacker to escalate privileges to SYSTEM on the host. V...

8.8CVSS6.8AI score0.00393EPSS
CVE
CVE
added 2020/09/16 4:14 p.m.73 views

CVE-2020-3987

CVE-2020-3987 is an out-of-bounds read vulnerability in the Cortado ThinPrint EMR STRETCHDIBITS parser affecting VMware Workstation 15.x and Horizon Client for Windows older than 5.4.4. A malicious actor with normal access to a guest VM may trigger a partial DoS or leak memory from the TPView pro...

6.1CVSS5.9AI score0.00301EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.71 views

CVE-2017-4899

VMware Workstation Pro/Player 12.x prior to 12.5.3 contains a vulnerability in the SVGA driver (CVE-2017-4899) that can crash the guest VM or trigger an out-of-bounds read. Exploitation is described as local (within a VM) and is conditioned on the host lacking graphics hardware/drivers. The issue...

4.7CVSS5.8AI score0.00294EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.68 views

CVE-2016-7083

CVE-2016-7083 — VMware Workstation/Player 12.x prior to 12.5.0 (Windows) is vulnerable when Cortado ThinPrint virtual printing is enabled. The flaw stems from handling TrueType fonts embedded in EMFSPOOL, which could let a guest OS user execute arbitrary code on the host or trigger a host memory ...

7.8CVSS7.8AI score0.01496EPSS
CVE
CVE
added 2017/05/22 2:0 p.m.67 views

CVE-2017-4916

CVE-2017-4916 is a NULL pointer dereference in the vstor2 driver affecting VMware Workstation Pro/Player (12.x). Public sources document denial-of-service via local exploitation on Windows hosts with normal user privileges. Several references tie the issue to VMware Workstation 12.x before 12.5.5...

6.8CVSS6.5AI score0.04952EPSS
Web
CVE
CVE
added 2016/12/29 9:2 a.m.66 views

CVE-2016-7082

CVE-2016-7082 affects VMware Workstation Pro 12.x and Workstation Player 12.x on Windows prior to 12.5.0 when Cortado ThinPrint virtual printing is enabled. The issue stems from improper handling of EMF files in tpview.dll, causing memory corruption and enabling arbitrary code execution on the ho...

7.8CVSS7.8AI score0.00384EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.63 views

CVE-2016-7084

CVE-2016-7084 affects VMware Workstation Pro 12.x and VMware Workstation Player 12.x on Windows (pre-12.5.0) where tpview.dll handles Cortado ThinPrint virtual printing. The root issue allows a guest OS user to trigger arbitrary code execution on the host or cause host memory corruption via a JPE...

7.8CVSS7.8AI score0.01522EPSS
CVE
CVE
added 2020/09/16 4:17 p.m.62 views

CVE-2020-3989

VMware Workstation 15.x and Horizon Client for Windows (5.x before 5.4.4) are affected by CVE-2020-3989 due to an out-of-bounds write in the Cortado ThinPrint component. This enables a local attacker with VM access to trigger a partial denial-of-service if virtual printing is enabled (not default...

3.3CVSS4.6AI score0.00289EPSS
CVE
CVE
added 2017/06/07 6:0 p.m.61 views

CVE-2017-4900

VMware Workstation Pro/Player 12.x prior to 12.5.3 contains a NULL pointer dereference in the SVGA driver. The issue allows a local attacker with normal user privileges to crash the guest VM (and potentially disrupt host stability). VMware’s VMSA-2017-0003 documents three related CVEs (including ...

5.5CVSS6.5AI score0.00338EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.60 views

CVE-2016-7085

CVE-2016-7085 describes an untrusted search path vulnerability in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, enabling local privilege escalation via a Trojan horse DLL placed in an unspecified directory. The initial description states th...

7.8CVSS7.5AI score0.00418EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.56 views

CVE-2016-7086

The CVE-2016-7086 issue affects VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows. The root cause is a Trojan horse setup64.exe placed in the installation directory, enabling local privilege escalation for attackers with local access. The public...

7.8CVSS7.4AI score0.00341EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.55 views

CVE-2016-7081

VMware Workstation 12.x (both Pro and Player) before 12.5.0 is affected by multiple heap-based buffer overflow vulnerabilities in Cortado ThinPrint handling, allowing a guest OS user to cause host code execution. CVEs include CVE-2016-7081 through CVE-2016-7086; impact is local, with potential ar...

7.8CVSS7.8AI score0.00519EPSS