cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-38811,https://securityvulnerability.io/vulnerability/CVE-2024-38811,VMware Fusion Vulnerability Allows Code Execution with Standard User Privileges,"VMware Fusion versions prior to 13.6 are vulnerable to a code-execution issue stemming from the use of an insecure environment variable. This flaw enables an attacker with standard user privileges to execute arbitrary code within the context of the Fusion application, potentially leading to unauthorized actions or further exploitation of the environment. Organizations using VMware Fusion should address this vulnerability by updating to the latest version to mitigate potential risks associated with this security gap.",VMware,Fusion,7.8,HIGH,0.0004199999966658652,false,true,false,false,,false,false,2024-09-03T09:47:28.120Z,0 CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-21T17:29:05.426Z,0 CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T17:58:35.987Z,0 CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,false,,false,false,2024-03-05T17:57:27.297Z,0 CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines. Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-03-05T17:57:22.043Z,3285 CVE-2024-22251,https://securityvulnerability.io/vulnerability/CVE-2024-22251,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read in USB CCID,"VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. ",VMware,"Vmware Workstation,Vmware Fusion",5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0 CVE-2023-34045,https://securityvulnerability.io/vulnerability/CVE-2023-34045,VMware Fusion installer local privilege escalation,"VMware Fusion versions 13.x prior to 13.5 exhibit a local privilege escalation vulnerability that can be exploited during the initial installation or during application upgrades. This flaw arises when a non-administrative user is able to drag or copy the application from the '.dmg' volume, potentially allowing malicious actors to elevate privileges to root, compromising the security of the system on which Fusion is installed.",VMware,Fusion,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-20T10:15:00.000Z,0 CVE-2023-34046,https://securityvulnerability.io/vulnerability/CVE-2023-34046,VMware Fusion TOCTOU local privilege escalation vulnerability,"VMware Fusion prior to version 13.5 contains a TOCTOU vulnerability that can be exploited during the installation process. An attacker with local non-administrative privileges could exploit this flaw to gain elevated privileges, allowing them to execute commands with root-level access on macOS systems where VMware Fusion is installed or being installed. This vulnerability highlights the significance of secure installation practices and the importance of monitoring access levels during application deployment.",VMware,Fusion,7,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-20T09:15:00.000Z,0 CVE-2023-34044,https://securityvulnerability.io/vulnerability/CVE-2023-34044,Information disclosure vulnerability in bluetooth device-sharing functionality,"VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.",VMware,"Workstation,Fusion",6,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-10-20T09:15:00.000Z,0 CVE-2023-20871,https://securityvulnerability.io/vulnerability/CVE-2023-20871,Local Privilege Escalation in VMware Fusion by VMware,"VMware Fusion is impacted by a vulnerability that allows a malicious actor with read/write access to the host operating system to escalate privileges. This can potentially lead to unauthorized root access, compromising the integrity of the host system. It is essential for users to assess their exposure to this risk and implement recommended security measures immediately. For further details, refer to VMware's advisory.",Vmware,VMware Fusion,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0 CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0 CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host. The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.2,HIGH,0.002259999979287386,false,true,false,true,,false,false,2023-04-25T00:00:00.000Z,0 CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,,VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.,Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,6,MEDIUM,0.0014100000262260437,false,true,false,false,,false,false,2023-04-25T00:00:00.000Z,0 CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,,"VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,false,false,true,true,false,false,2022-12-14T00:00:00.000Z,0 CVE-2021-22041,https://securityvulnerability.io/vulnerability/CVE-2021-22041,,"VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-02-16T16:37:54.000Z,0 CVE-2021-22040,https://securityvulnerability.io/vulnerability/CVE-2021-22040,,"VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-02-16T16:37:53.000Z,0 CVE-2021-22045,https://securityvulnerability.io/vulnerability/CVE-2021-22045,,"VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.",Vmware,"Vmware Esxi, Vmware Workstation And Vmware Fusion",7.8,HIGH,0.0008299999753944576,false,false,false,false,,false,false,2022-01-04T21:39:03.000Z,0 CVE-2020-3960,https://securityvulnerability.io/vulnerability/CVE-2020-3960,,"VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.",Vmware,"Vmware Esxi, Workstation, And Fusion",8.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-09-15T12:14:02.000Z,0 CVE-2020-3999,https://securityvulnerability.io/vulnerability/CVE-2020-3999,,"VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.",Vmware,"Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2020-12-21T15:14:08.000Z,0 CVE-2020-4004,https://securityvulnerability.io/vulnerability/CVE-2020-4004,,"VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.",Vmware,"Vmware Esxi,Workstation,Fusion",8.2,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2020-11-20T19:06:28.000Z,0 CVE-2020-3995,https://securityvulnerability.io/vulnerability/CVE-2020-3995,,"In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.",Vmware,"Vmware Esxi, Workstation, Fusion",5.3,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2020-10-20T16:14:34.000Z,0 CVE-2020-3982,https://securityvulnerability.io/vulnerability/CVE-2020-3982,,"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.",Vmware,"Vmware Esxi, Workstation, Fusion",7.7,HIGH,0.0020800000056624413,false,false,false,false,,false,false,2020-10-20T16:09:04.000Z,0 CVE-2020-3981,https://securityvulnerability.io/vulnerability/CVE-2020-3981,,"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.",Vmware,"Vmware Esxi, Workstation, Fusion",5.8,MEDIUM,0.002199999988079071,false,false,false,false,,false,false,2020-10-20T16:08:56.000Z,0 CVE-2020-3980,https://securityvulnerability.io/vulnerability/CVE-2020-3980,,VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.,Vmware,Vmware Fusion,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-09-16T16:13:40.000Z,0 CVE-2020-3974,https://securityvulnerability.io/vulnerability/CVE-2020-3974,,"VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.",Vmware,"Vmware Fusion, Vmware Remote Console For Mac And Horizon Client For Mac",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-07-10T13:14:45.000Z,0