3a. PATH configuration privilege escalation vulnerability (CVE-2020-3980)
VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
3b. Multiple out-of-bounds read vulnerabilities via Cortado ThinPrint (CVE-2020-3986, CVE-2020-3987, CVE-2020-3988)
VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in Cortado ThinPrint component. These issues exist in the EMF and JPEG2000 parsers. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.2.
3c. Denial-of-service vulnerability via Cortado ThinPrint (CVE-2020-3989)
VMware Workstation and Horizon Client for Windows contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.8.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3990
docs.vmware.com/en/VMware-Fusion/index.html
docs.vmware.com/en/VMware-Horizon-Client/index.html
docs.vmware.com/en/VMware-Workstation-Player/index.html
docs.vmware.com/en/VMware-Workstation-Pro/index.html
my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
www.vmware.com/go/downloadfusion
www.vmware.com/go/downloadplayer
www.vmware.com/go/downloadworkstation