cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host. The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.2,HIGH,0.0016299999551847577,false,,true,false,true,2023-05-18T10:50:51.000Z,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion,VMware Workstation and Fusion have a vulnerability that arises from improper handling of memory during the sharing of Bluetooth devices from the host to a virtual machine. This flaw may allow an attacker to access sensitive information or execute unauthorized operations within a virtual environment.,Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,6,MEDIUM,0.0014100000262260437,false,,true,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,"Heap Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion have a vulnerability within the USB 2.0 controller (EHCI) that allows a malicious actor with local administrative privileges on a virtual machine to exploit this flaw. Successful exploitation could lead to the execution of arbitrary code within the virtual machine's VMX process on the host system. On ESXi, this exploitation is restricted to the VMX sandbox, while on Workstation and Fusion, it has the potential to execute code directly on the host machine. Maintaining the latest security patches is crucial for safeguarding against this vulnerability.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,,false,false,true,2023-01-09T04:27:15.000Z,true,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a security flaw due to an out-of-bounds read in the Cortado ThinPrint component. An attacker with access to a virtual machine or remote desktop could exploit this vulnerability, potentially leading to the disclosure of sensitive information from the TPView process on the affected system. Users of these products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows are impacted by an out-of-bounds read vulnerability found in the Cortado ThinPrint component, specifically in the JPEG2000 Parser. When exploited by a malicious user who has access to a virtual machine or remote desktop session, this vulnerability can lead to unauthorized information disclosure from the TPView process. This issue exists in versions of VMware Workstation prior to 16.1.2 and Horizon Client for Windows prior to 5.5.2, highlighting the importance of keeping software updated to safeguard against potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a vulnerability in the Cortado ThinPrint component that allows for out-of-bounds reads. This flaw can potentially be exploited by malicious actors who have access to a virtual machine or remote desktop, leading to unauthorized information disclosure from the TPView process. It is crucial for users to apply the recommended updates to safeguard their systems from potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:34:55.000Z,0
CVE-2008-4916,https://securityvulnerability.io/vulnerability/CVE-2008-4916,,"Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.",Vmware,"Vmware Player,Vmware Esx,Vmware Ace,Vmware Server,Vmware Workstation,Vmware Esxi",,,0.0006200000061653554,false,,false,false,false,,,false,false,,2009-04-06T15:00:00.000Z,0
CVE-2009-0177,https://securityvulnerability.io/vulnerability/CVE-2009-0177,,"vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.",Vmware,"Ace,Vmware Player,Vmware Workstation,Server,Fusion",,,0.09364999830722809,false,,false,false,false,,,false,false,,2009-01-20T15:26:00.000Z,0
CVE-2008-0967,https://securityvulnerability.io/vulnerability/CVE-2008-0967,,"Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.",Vmware,"Esx Server,Player,Vmware Server,Vmware Workstation,Workstation,Esxi,Server,Esx",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2008-06-05T20:21:00.000Z,0
CVE-2007-5671,https://securityvulnerability.io/vulnerability/CVE-2007-5671,,"HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.",Vmware,"Vmware Player,Ace,Vmware Server,Vmware Workstation,Workstation,Player,Esx Server,Server,Esx",,,0.000699999975040555,false,,false,false,false,,,false,false,,2008-06-05T20:21:00.000Z,0
CVE-2008-2098,https://securityvulnerability.io/vulnerability/CVE-2008-2098,,"Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Vmware Player 2,Fusion,Workstation,Ace 2,Vmware Workstation",,,0.0010499999625608325,false,,false,false,false,,,false,false,,2008-06-02T14:00:00.000Z,0
CVE-2008-2099,https://securityvulnerability.io/vulnerability/CVE-2008-2099,,"Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Ace 2,Vmware Player 2,Vmware Workstation,Workstation",,,0.0009699999936856329,false,,false,false,false,,,false,false,,2008-06-02T14:00:00.000Z,0
CVE-2008-1362,https://securityvulnerability.io/vulnerability/CVE-2008-1362,,"VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an ""insecurely created named pipe,"" a different vulnerability than CVE-2008-1361.",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.0005200000014156103,false,,false,false,false,,,false,false,,2008-03-20T00:00:00.000Z,0
CVE-2008-1340,https://securityvulnerability.io/vulnerability/CVE-2008-1340,,"Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger ""memory exhaustion and memory corruption.""",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.04772000014781952,false,,false,false,false,,,false,false,,2008-03-20T00:00:00.000Z,0
CVE-2008-1361,https://securityvulnerability.io/vulnerability/CVE-2008-1361,,"VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.",Vmware,"Ace,Vmware Server,Player,Workstation,Vmware Workstation,Server",,,0.0005200000014156103,false,,false,false,false,,,false,false,,2008-03-20T00:00:00.000Z,0
CVE-2008-1364,https://securityvulnerability.io/vulnerability/CVE-2008-1364,,"Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.",Vmware,"Ace,Player,Workstation,Vmware Workstation,Vmware Server,Server",,,0.009530000388622284,false,,false,false,false,,,false,false,,2008-03-20T00:00:00.000Z,0
CVE-2008-1392,https://securityvulnerability.io/vulnerability/CVE-2008-1392,,"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.",Vmware,"Ace,Player,Vmware Workstation",,,0.013059999793767929,false,,false,false,false,,,false,false,,2008-03-20T00:00:00.000Z,0
CVE-2008-0923,https://securityvulnerability.io/vulnerability/CVE-2008-0923,,"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a ""%c0%2e%c0%2e"" string.",Vmware,"Vmware Player,Ace,Workstation,Player,Vmware Workstation",,,0.0008500000112690032,false,,false,false,false,,,false,false,,2008-02-26T00:00:00.000Z,0
CVE-2007-5438,https://securityvulnerability.io/vulnerability/CVE-2007-5438,,"Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.",Vmware,"Vmware Player,Ace,Vmware Server,Vmware Workstation",,,0.0007399999885819852,false,,false,false,false,,,false,false,,2007-10-13T01:00:00.000Z,0
CVE-2007-0062,https://securityvulnerability.io/vulnerability/CVE-2007-0062,,"Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.",Vmware,"Workstation,Ace,Player,Server,Vmware Workstation",,,0.27379998564720154,false,,false,false,false,,,false,false,,2007-09-21T18:00:00.000Z,0