cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a security flaw due to an out-of-bounds read in the Cortado ThinPrint component. An attacker with access to a virtual machine or remote desktop could exploit this vulnerability, potentially leading to the disclosure of sensitive information from the TPView process on the affected system. Users of these products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows are impacted by an out-of-bounds read vulnerability found in the Cortado ThinPrint component, specifically in the JPEG2000 Parser. When exploited by a malicious user who has access to a virtual machine or remote desktop session, this vulnerability can lead to unauthorized information disclosure from the TPView process. This issue exists in versions of VMware Workstation prior to 16.1.2 and Horizon Client for Windows prior to 5.5.2, highlighting the importance of keeping software updated to safeguard against potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a vulnerability in the Cortado ThinPrint component that allows for out-of-bounds reads. This flaw can potentially be exploited by malicious actors who have access to a virtual machine or remote desktop, leading to unauthorized information disclosure from the TPView process. It is crucial for users to apply the recommended updates to safeguard their systems from potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:34:55.000Z,0
CVE-2020-3998,https://securityvulnerability.io/vulnerability/CVE-2020-3998,Information Disclosure Vulnerability in VMware Horizon Client for Windows,"VMware Horizon Client for Windows versions prior to 5.5.0 are affected by an information disclosure vulnerability. An attacker with local access could exploit this issue to retrieve hashed credentials following a crash of the Horizon Client application. This exposure can lead to a compromise of sensitive user information, necessitating prompt updates to mitigate the risk.",Vmware,Vmware Horizon Client For Windows,6.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2020-10-23T13:49:50.000Z,0
CVE-2020-3991,https://securityvulnerability.io/vulnerability/CVE-2020-3991,Denial-of-Service Vulnerability in VMware Horizon Client for Windows,"VMware Horizon Client for Windows (5.0.x to 5.5.0) is susceptible to a denial-of-service vulnerability due to improper file system access control during installation. An attacker can exploit this weakness by performing a symbolic link attack that allows the overwriting of certain admin files. This exploitation can lead to a state where the system becomes unresponsive, significantly impacting service availability and user productivity.",Vmware,Vmware Horizon Client For Windows,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-16T13:15:22.000Z,0
CVE-2020-3990,https://securityvulnerability.io/vulnerability/CVE-2020-3990,Information Disclosure Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation (15.x) and Horizon Client for Windows (5.x prior to 5.4.4) contain a vulnerability stemming from an integer overflow issue in the Cortado ThinPrint component. A malicious actor with access to a virtual machine can exploit this vulnerability to disclose sensitive memory information from the TPView process running on the host system. Notably, exploitation is only possible if the virtual printing feature is enabled; while this is not enabled by default on Workstation, it is enabled by default on Horizon Client.",Vmware,Vmware Workstation And Horizon Client For Windows,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:17:17.000Z,0
CVE-2020-3989,https://securityvulnerability.io/vulnerability/CVE-2020-3989,Denial of Service Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows contain a vulnerability in the Cortado ThinPrint component that may allow an attacker with normal access to a virtual machine to exploit an out-of-bounds write issue. If successful, this could lead to a partial denial-of-service condition on the host system where these applications are installed. It is important to note that exploitation is only feasible if the virtual printing feature is enabled, which is not enabled by default in Workstation but is enabled by default in Horizon Client.",Vmware,Vmware Workstation And Horizon Client For Windows,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:17:11.000Z,0
CVE-2020-3988,https://securityvulnerability.io/vulnerability/CVE-2020-3988,Out-of-bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation 15.x and Horizon Client for Windows (versions prior to 5.4.4) are susceptible to an out-of-bounds read vulnerability within the Cortado ThinPrint component, specifically in the JPEG2000 parser. This vulnerability could allow a malicious user with normal access to a virtual machine to induce a partial denial-of-service condition or potentially leak sensitive memory data from the TPView process on the host system that operates VMware Workstation or Horizon Client.",Vmware,Vmware Workstation And Horizon Client For Windows,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:14:08.000Z,0
CVE-2020-3987,https://securityvulnerability.io/vulnerability/CVE-2020-3987,Out-of-bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation (15.x) and Horizon Client for Windows (5.x prior to 5.4.4) are impacted by an out-of-bounds read vulnerability within the Cortado ThinPrint component. This flaw allows a malicious actor with normal access to a virtual machine to potentially exploit the vulnerability, leading to a partial denial-of-service condition or the unauthorized disclosure of memory from the TPView process on systems where Workstation or Horizon Client is installed. It is crucial for users to implement mitigations to safeguard against potential exploitation.",Vmware,Vmware Workstation And Horizon Client For Windows,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:14:01.000Z,0
CVE-2020-3986,https://securityvulnerability.io/vulnerability/CVE-2020-3986,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have an out-of-bounds read vulnerability in the Cortado ThinPrint component's EMF Parser. A potential attacker with normal access to a virtual machine may exploit this issue, leading to a partial denial-of-service condition or unauthorized memory leakage from the TPView process on affected systems.",Vmware,Vmware Workstation And Horizon Client For Windows,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:13:54.000Z,0
CVE-2020-3974,https://securityvulnerability.io/vulnerability/CVE-2020-3974,Privilege Escalation Vulnerability in VMware Products,"VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac are exposed to a privilege escalation risk due to inadequate validation of XPC Clients. This flaw allows attackers with standard user permissions to elevate their privileges to root, thereby gaining unauthorized access to sensitive system operations. It is crucial for users to apply the necessary updates to mitigate this risk.",Vmware,"Vmware Fusion, Vmware Remote Console For Mac And Horizon Client For Mac",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-10T13:14:45.000Z,0
CVE-2020-3961,https://securityvulnerability.io/vulnerability/CVE-2020-3961,Privilege Escalation Vulnerability in VMware Horizon Client for Windows,"A privilege escalation flaw exists in VMware Horizon Client for Windows versions before 5.4.3, stemming from improper folder permission settings and unsafe library loading practices. This vulnerability allows a local user, with access to the affected system, to execute commands with the privileges of any user, potentially leading to unauthorized actions or data exposure. It is crucial for users to update to the latest version to mitigate the risks associated with this vulnerability.",Vmware,Vmware Horizon Client For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-06-15T15:18:29.000Z,0
CVE-2020-3957,https://securityvulnerability.io/vulnerability/CVE-2020-3957,Local Privilege Escalation Vulnerability in VMware Fusion and Horizon Client,"VMware Fusion versions earlier than 11.5.5, as well as VMware Remote Console for Mac and VMware Horizon Client for Mac versions 5.x and earlier, are susceptible to a local privilege escalation vulnerability stemming from a Time-of-check Time-of-use (TOCTOU) issue in the service opener. An attacker with standard user privileges could exploit this vulnerability to gain elevated privileges, potentially compromising the integrity and security of the affected system.",Vmware,"Vmware Fusion,Vmware Remote Console For Mac,Vmware Horizon Client For Mac",7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-05-29T19:37:58.000Z,0
CVE-2020-3950,https://securityvulnerability.io/vulnerability/CVE-2020-3950,Privilege Escalation Vulnerability in VMware Fusion and Horizon Client Products,"VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac are susceptible to a privilege escalation vulnerability caused by improper handling of setuid binaries. An attacker with standard user privileges could exploit this vulnerability to elevate their permissions, potentially gaining root access to the victims' systems where these products are installed. This poses a significant security risk for users relying on these applications to run their virtualized environments.",Vmware,"Vmware Fusion, Vmware Remote Console For Mac And Horizon Client For Mac",7.8,HIGH,0.013269999995827675,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2020-03-17T18:41:52.000Z,0
CVE-2020-3951,https://securityvulnerability.io/vulnerability/CVE-2020-3951,Denial-of-Service Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows are susceptible to a denial-of-service attack due to a heap overflow vulnerability in Cortado Thinprint. This issue allows attackers with non-administrative access to a guest VM with virtual printing enabled to exploit the weakness, potentially leading to a denial-of-service condition affecting the Thinprint service on the host system. Users of the affected versions should apply the latest updates to mitigate this risk.",Vmware,Vmware Workstation And Horizon Client For Windows,3.8,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-17T18:41:49.000Z,0
CVE-2019-5543,https://securityvulnerability.io/vulnerability/CVE-2019-5543,Writeable Configuration Directory in VMware Horizon Client and VMware Workstation,"In certain versions of VMware Horizon Client, VMware Remote Console, and VMware Workstation for Windows, a vulnerability exists where the folder containing configuration files for the VMware USB arbitration service is set to writable by all users. This misconfiguration allows a local user to modify configurations and potentially execute commands as any user on the system where the software is installed, posing a risk of unauthorized access and system integrity compromise.",Vmware,"Vmware Horizon Client For Windows,Vmware Remote Console For Windows,Vmware Workstation For Windows",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-03-16T17:24:55.000Z,0
CVE-2019-5527,https://securityvulnerability.io/vulnerability/CVE-2019-5527,Use-After-Free Vulnerability in VMware Sound Device,"VMware products including ESXi, Workstation, Fusion, VMRC, and Horizon Client are affected by a use-after-free vulnerability in the virtual sound device component. This flaw can potentially allow an attacker to exploit the memory management flaws, leading to unintended behavior during sound playback operations. Users of these VMware products are advised to implement available updates and security measures to mitigate any possible risks associated with this vulnerability.",Vmware,"Esxi, Workstation, Fusion, Vmrc And Horizon Client",8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-10-10T16:28:46.000Z,0
CVE-2018-6970,https://securityvulnerability.io/vulnerability/CVE-2018-6970,,"VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.",Vmware,"Vmware Horizon 6, Horizon 7, And Horizon Client",6.5,MEDIUM,0.007499999832361937,false,,false,false,false,,,false,false,,2018-08-07T00:00:00.000Z,0
CVE-2018-6964,https://securityvulnerability.io/vulnerability/CVE-2018-6964,,VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.,Vmware,Horizon Client For Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-05-29T00:00:00.000Z,0
CVE-2017-4948,https://securityvulnerability.io/vulnerability/CVE-2017-4948,,"VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",Vmware,"Workstation,Horizon Client For Windows",7.1,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-01-05T14:29:00.000Z,0
CVE-2017-4937,https://securityvulnerability.io/vulnerability/CVE-2017-4937,,"VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.",Vmware,"Workstation,Horizon View Client For Windows",7.8,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2017-11-17T14:29:00.000Z,0
CVE-2017-4935,https://securityvulnerability.io/vulnerability/CVE-2017-4935,,"VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.",Vmware,"Workstation,Horizon View Client For Windows",7.8,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2017-11-17T14:29:00.000Z,0
CVE-2017-4936,https://securityvulnerability.io/vulnerability/CVE-2017-4936,,"VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.",Vmware,"Workstation,Horizon View Client For Windows",7.8,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2017-11-16T00:00:00.000Z,0
CVE-2017-4918,https://securityvulnerability.io/vulnerability/CVE-2017-4918,,"VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.",Vmware,Horizon View Client For Mac,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2017-06-08T19:00:00.000Z,0
CVE-2017-4908,https://securityvulnerability.io/vulnerability/CVE-2017-4908,,"VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.",Vmware,"Workstation,Horizon View Client For Windows",7.8,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2017-06-08T13:00:00.000Z,0