Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5023 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. | |||||
| CVE-2008-2099 | 2 Microsoft, Vmware | 5 Windows, Ace 2, Vmware Player 2 and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2008-3692 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. | |||||
| CVE-2008-3698 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. | |||||
| CVE-2007-0833 | 1 Vmware | 1 Workstation | 2025-04-09 | 1.2 LOW | N/A |
| VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | |||||
| CVE-2008-4279 | 1 Vmware | 4 Esx, Player, Server and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | |||||
| CVE-2007-5618 | 1 Vmware | 3 Player, Server, Workstation | 2025-04-09 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. | |||||
| CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2025-04-03 | 7.2 HIGH | N/A |
| VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session. | |||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2025-04-03 | 4.6 MEDIUM | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | |||||
| CVE-2003-0480 | 1 Vmware | 1 Workstation | 2025-04-03 | 3.7 LOW | N/A |
| VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." | |||||
| CVE-2005-4459 | 1 Vmware | 4 Ace, Gsx Server, Player and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | |||||
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2025-04-03 | 3.6 LOW | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | |||||
| CVE-2006-3589 | 1 Vmware | 5 Esx, Infrastructure, Player and 2 more | 2025-04-03 | 3.6 LOW | N/A |
| vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | |||||
| CVE-2000-0090 | 1 Vmware | 1 Workstation | 2025-04-03 | 3.6 LOW | N/A |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. | |||||
| CVE-1999-0733 | 1 Vmware | 1 Workstation | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. | |||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | |||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2025-04-03 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | |||||
| CVE-2003-0739 | 1 Vmware | 1 Workstation | 2025-04-03 | 4.6 MEDIUM | N/A |
| VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. | |||||
| CVE-2024-22252 | 2 Apple, Vmware | 4 Macos, Esxi, Fusion and 1 more | 2025-03-27 | N/A | 9.3 CRITICAL |
| VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |||||
| CVE-2024-22268 | 3 Apple, Microsoft, Vmware | 4 Macos, Windows, Fusion and 1 more | 2025-03-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. | |||||