cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,,VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.,Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,6,MEDIUM,0.0014100000262260437,false,true,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host. The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.2,HIGH,0.002259999979287386,false,true,false,true,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,,"VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,false,false,true,true,false,false,2022-12-14T00:00:00.000Z,0
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:34:55.000Z,0
CVE-2008-4916,https://securityvulnerability.io/vulnerability/CVE-2008-4916,,"Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.",Vmware,"Vmware Player,Vmware Esx,Vmware Ace,Vmware Server,Vmware Workstation,Vmware Esxi",,,0.0006200000061653554,false,false,false,false,,false,false,2009-04-06T15:00:00.000Z,0
CVE-2009-0177,https://securityvulnerability.io/vulnerability/CVE-2009-0177,,"vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.",Vmware,"Ace,Vmware Player,Vmware Workstation,Server,Fusion",,,0.09364999830722809,false,false,false,false,,false,false,2009-01-20T15:26:00.000Z,0
CVE-2008-0967,https://securityvulnerability.io/vulnerability/CVE-2008-0967,,"Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.",Vmware,"Esx Server,Player,Vmware Server,Vmware Workstation,Workstation,Esxi,Server,Esx",,,0.0004199999966658652,false,false,false,false,,false,false,2008-06-05T20:21:00.000Z,0
CVE-2007-5671,https://securityvulnerability.io/vulnerability/CVE-2007-5671,,"HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.",Vmware,"Vmware Player,Ace,Vmware Server,Vmware Workstation,Workstation,Player,Esx Server,Server,Esx",,,0.0006200000061653554,false,false,false,false,,false,false,2008-06-05T20:21:00.000Z,0
CVE-2008-2098,https://securityvulnerability.io/vulnerability/CVE-2008-2098,,"Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Vmware Player 2,Fusion,Workstation,Ace 2,Vmware Workstation",,,0.0010400000028312206,false,false,false,false,,false,false,2008-06-02T14:00:00.000Z,0
CVE-2008-2099,https://securityvulnerability.io/vulnerability/CVE-2008-2099,,"Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Ace 2,Vmware Player 2,Vmware Workstation,Workstation",,,0.0008699999889358878,false,false,false,false,,false,false,2008-06-02T14:00:00.000Z,0
CVE-2008-1392,https://securityvulnerability.io/vulnerability/CVE-2008-1392,,"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.",Vmware,"Ace,Player,Vmware Workstation",,,0.013860000297427177,false,false,false,false,,false,false,2008-03-20T00:00:00.000Z,0
CVE-2008-1364,https://securityvulnerability.io/vulnerability/CVE-2008-1364,,"Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.007530000060796738,false,false,false,false,,false,false,2008-03-20T00:00:00.000Z,0
CVE-2008-1362,https://securityvulnerability.io/vulnerability/CVE-2008-1362,,"VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an ""insecurely created named pipe,"" a different vulnerability than CVE-2008-1361.",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.0005200000014156103,false,false,false,false,,false,false,2008-03-20T00:00:00.000Z,0
CVE-2008-1361,https://securityvulnerability.io/vulnerability/CVE-2008-1361,,"VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.",Vmware,"Ace,Vmware Server,Player,Workstation,Vmware Workstation,Server",,,0.0005200000014156103,false,false,false,false,,false,false,2008-03-20T00:00:00.000Z,0
CVE-2008-1340,https://securityvulnerability.io/vulnerability/CVE-2008-1340,,"Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger ""memory exhaustion and memory corruption.""",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.03979000076651573,false,false,false,false,,false,false,2008-03-20T00:00:00.000Z,0
CVE-2008-0923,https://securityvulnerability.io/vulnerability/CVE-2008-0923,,"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a ""%c0%2e%c0%2e"" string.",Vmware,"Vmware Player,Ace,Workstation,Player,Vmware Workstation",,,0.0008500000112690032,false,false,false,false,,false,false,2008-02-26T00:00:00.000Z,0
CVE-2007-5438,https://securityvulnerability.io/vulnerability/CVE-2007-5438,,"Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.",Vmware,"Vmware Player,Ace,Vmware Server,Vmware Workstation",,,0.0007399999885819852,false,false,false,false,,false,false,2007-10-13T01:00:00.000Z,0
CVE-2007-0062,https://securityvulnerability.io/vulnerability/CVE-2007-0062,,"Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.",Vmware,"Workstation,Ace,Player,Server,Vmware Workstation",,,0.27379998564720154,false,false,false,false,,false,false,2007-09-21T18:00:00.000Z,0