Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2450 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 9.0 HIGH | N/A |
| VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | |||||
| CVE-2011-2146 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 2.1 LOW | N/A |
| mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. | |||||
| CVE-2010-1142 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2025-04-11 | 8.5 HIGH | N/A |
| VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. | |||||
| CVE-2008-2098 | 1 Vmware | 5 Ace 2, Fusion, Vmware Player 2 and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.8 HIGH | N/A |
| Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | |||||
| CVE-2009-1244 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916. | |||||
| CVE-2008-2100 | 1 Vmware | 8 Ace, Esx, Esx Server and 5 more | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2009-2267 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. | |||||
| CVE-2009-0177 | 1 Vmware | 5 Ace, Fusion, Server and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. | |||||
| CVE-2009-1805 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2024-22252 | 2 Apple, Vmware | 4 Macos, Esxi, Fusion and 1 more | 2025-03-27 | N/A | 9.3 CRITICAL |
| VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |||||
| CVE-2024-22268 | 3 Apple, Microsoft, Vmware | 4 Macos, Windows, Fusion and 1 more | 2025-03-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. | |||||
| CVE-2024-22273 | 2 Apple, Vmware | 5 Macos, Cloud Foundation, Esxi and 2 more | 2025-03-26 | N/A | 8.1 HIGH |
| The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. | |||||
| CVE-2024-22267 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-03-14 | N/A | 9.3 CRITICAL |
| VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-03-13 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||
| CVE-2023-34046 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-03-07 | N/A | 6.7 MEDIUM |
| VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | |||||
| CVE-2023-34045 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-03-07 | N/A | 6.6 MEDIUM |
| VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | |||||
| CVE-2023-20870 | 1 Vmware | 2 Fusion, Workstation | 2025-02-04 | N/A | 6.0 MEDIUM |
| VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | |||||
| CVE-2023-20869 | 1 Vmware | 2 Fusion, Workstation | 2025-02-04 | N/A | 8.2 HIGH |
| VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | |||||