cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-21T17:29:05.426Z,0
CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity.
Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-05T17:58:35.987Z,0
CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-03-05T17:57:27.297Z,0
CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines.
Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-08-15T23:15:06.000Z,,true,false,,2024-03-05T17:57:22.043Z,3285
CVE-2024-22251,https://securityvulnerability.io/vulnerability/CVE-2024-22251,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read in USB CCID,"VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. ",VMware,"Vmware Workstation,Vmware Fusion",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T01:44:00.000Z,0
CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host.
The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.2,HIGH,0.0016299999551847577,false,,true,false,true,2023-05-18T10:50:51.000Z,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion,VMware Workstation and Fusion have a vulnerability that arises from improper handling of memory during the sharing of Bluetooth devices from the host to a virtual machine. This flaw may allow an attacker to access sensitive information or execute unauthorized operations within a virtual environment.,Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,6,MEDIUM,0.0014100000262260437,false,,true,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20854,https://securityvulnerability.io/vulnerability/CVE-2023-20854,Arbitrary File Deletion Vulnerability in VMware Workstation,"VMware Workstation is affected by a vulnerability that allows local users to delete arbitrary files from the host file system. This issue can be exploited by an attacker with local user privileges, posing a significant risk to data integrity on systems where the software is installed.
The vulnerability highlights the importance of maintaining strict user access controls and ensuring that only trusted individuals have local access to systems running VMware Workstation.",Vmware,VMware Workstation,8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,"Heap Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion have a vulnerability within the USB 2.0 controller (EHCI) that allows a malicious actor with local administrative privileges on a virtual machine to exploit this flaw. Successful exploitation could lead to the execution of arbitrary code within the virtual machine's VMX process on the host system. On ESXi, this exploitation is restricted to the VMX sandbox, while on Workstation and Fusion, it has the potential to execute code directly on the host machine. Maintaining the latest security patches is crucial for safeguarding against this vulnerability.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,,false,false,true,2023-01-09T04:27:15.000Z,true,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2022-22983,https://securityvulnerability.io/vulnerability/CVE-2022-22983,Unprotected Storage Vulnerability in VMware Workstation,"VMware Workstation versions prior to 16.2.4 are susceptible to a vulnerability that allows local users with limited privileges to access stored credentials.
This may lead to the exposure of user passwords for remote servers connected through the application, posing a significant risk to data confidentiality and security.",Vmware,Vmware Workstation,5.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-10T20:15:00.000Z,0
CVE-2021-22041,https://securityvulnerability.io/vulnerability/CVE-2021-22041,"Double-Fetch Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion have a double-fetch vulnerability within the UHCI USB controller. This flaw allows an attacker with local administrative access on a virtual machine to exploit the issue, leading to unauthorized code execution in the VMX process on the host machine. Proper security guidance is essential to mitigate this risk.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:54.000Z,0
CVE-2021-22040,https://securityvulnerability.io/vulnerability/CVE-2021-22040,"Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion USB Controller","VMware ESXi, Workstation, and Fusion are impacted by a use-after-free vulnerability in the XHCI USB controller. This security flaw can be exploited by a malicious actor who possesses local administrative privileges on a virtual machine, enabling them to execute code in the context of the VMX process on the host. This could potentially lead to unauthorized control and manipulation of the affected systems.",Vmware,"Vmware Esxi , Workstation, Fusion And Vmware Cloud Foundation",6.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-16T16:37:53.000Z,0
CVE-2021-22045,https://securityvulnerability.io/vulnerability/CVE-2021-22045,Heap Overflow Vulnerability in VMware ESXi and Workstation Products,"A heap overflow vulnerability exists in VMware ESXi, Workstation, and Fusion related to CD-ROM device emulation.
Malicious actors with access to a vulnerable virtual machine could exploit this flaw, potentially leading to code execution on the hypervisor. Products affected include VMware ESXi versions 7.0, 6.7 (prior to ESXi670-202111101-SG), 6.5 (prior to ESXi650-202110101-SG), VMware Workstation 16.2.0, and VMware Fusion 12.2.0, emphasizing the need for prompt updates and security measures.",Vmware,"Vmware Esxi, Vmware Workstation And Vmware Fusion",7.8,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2022-01-04T21:39:03.000Z,0
CVE-2020-3960,https://securityvulnerability.io/vulnerability/CVE-2020-3960,"Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion are impacted by an out-of-bounds read vulnerability associated with the NVMe functionality. This issue allows a local malicious actor with non-administrative access to a virtual machine configured with a virtual NVMe controller to potentially exploit the flaw and access privileged information stored in physical memory. It is crucial for users to be aware of this vulnerability and apply necessary patches to safeguard their systems.",Vmware,"Vmware Esxi, Workstation, And Fusion",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-15T12:14:02.000Z,0
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a security flaw due to an out-of-bounds read in the Cortado ThinPrint component. An attacker with access to a virtual machine or remote desktop could exploit this vulnerability, potentially leading to the disclosure of sensitive information from the TPView process on the affected system.
Users of these products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows are impacted by an out-of-bounds read vulnerability found in the Cortado ThinPrint component, specifically in the JPEG2000 Parser. When exploited by a malicious user who has access to a virtual machine or remote desktop session, this vulnerability can lead to unauthorized information disclosure from the TPView process. This issue exists in versions of VMware Workstation prior to 16.1.2 and Horizon Client for Windows prior to 5.5.2, highlighting the importance of keeping software updated to safeguard against potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a vulnerability in the Cortado ThinPrint component that allows for out-of-bounds reads. This flaw can potentially be exploited by malicious actors who have access to a virtual machine or remote desktop, leading to unauthorized information disclosure from the TPView process.
It is crucial for users to apply the recommended updates to safeguard their systems from potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:34:55.000Z,0
CVE-2020-3999,https://securityvulnerability.io/vulnerability/CVE-2020-3999,"Denial of Service Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, Fusion, and Cloud Foundation are susceptible to a denial of service vulnerability stemming from inadequate input validation in GuestInfo. This flaw enables a malicious user with standard privileges to compromise a virtual machine, resulting in the crashing of the vmx process. Consequently, this leads to a denial of service condition, impacting the availability of virtualized resources.",Vmware,"Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-12-21T15:14:08.000Z,0
CVE-2020-4004,https://securityvulnerability.io/vulnerability/CVE-2020-4004,"Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion","A use-after-free vulnerability exists in the XHCI USB controller of VMware products, allowing attackers with local administrative privileges on a virtual machine to execute arbitrary code in the context of the VMX process on the host. This could lead to unauthorized actions within the virtual machine environment, posing a significant security risk to affected VMware installations.
Proper updates and patches are required to mitigate the risk associated with this vulnerability.",Vmware,"Vmware Esxi,Workstation,Fusion",8.2,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-11-20T19:06:28.000Z,0
CVE-2020-3995,https://securityvulnerability.io/vulnerability/CVE-2020-3995,Memory Leak Vulnerability in VMware Hypervisors and Workstation,"VMware has identified a memory leak vulnerability within the VMCI host drivers used by its hypervisors, including ESXi and Workstation. This vulnerability allows a malicious actor with access to a virtual machine to induce a memory leak, which over time can lead to memory resource exhaustion on the hypervisor. If exploited, this issue could affect the performance and stability of the virtualization environment, causing a denial of service. It is essential for administrators to apply the latest patches to mitigate potential risks associated with this vulnerability.",Vmware,"Vmware Esxi, Workstation, Fusion",5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2020-10-20T16:14:34.000Z,0
CVE-2020-3982,https://securityvulnerability.io/vulnerability/CVE-2020-3982,"Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion products are susceptible to an out-of-bounds write vulnerability stemming from a time-of-check time-of-use issue in ACPI device handling. This flaw allows an attacker with administrative access to a compromised virtual machine to potentially exploit the vulnerability, leading to a crash of the virtual machine's vmx process or corruption within the hypervisor's memory heap.
Proper patching is essential to mitigate this risk.",Vmware,"Vmware Esxi, Workstation, Fusion",7.7,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2020-10-20T16:09:04.000Z,0
CVE-2020-3981,https://securityvulnerability.io/vulnerability/CVE-2020-3981,Out-of-Bounds Read Vulnerability in VMware ESXi and Workstation Products,An out-of-bounds read vulnerability exists in VMware's ESXi and Workstation products due to a time-of-check time-of-use flaw in the ACPI device. An attacker with administrative access to a virtual machine could exploit this vulnerability to leak sensitive information from the memory of the vmx process. Prompt updates and patches are essential to mitigate potential risks associated with this issue.,Vmware,"Vmware Esxi, Workstation, Fusion",5.8,MEDIUM,0.002199999988079071,false,,false,false,false,,,false,false,,2020-10-20T16:08:56.000Z,0
CVE-2020-3990,https://securityvulnerability.io/vulnerability/CVE-2020-3990,Information Disclosure Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation (15.x) and Horizon Client for Windows (5.x prior to 5.4.4) contain a vulnerability stemming from an integer overflow issue in the Cortado ThinPrint component. A malicious actor with access to a virtual machine can exploit this vulnerability to disclose sensitive memory information from the TPView process running on the host system.
Notably, exploitation is only possible if the virtual printing feature is enabled; while this is not enabled by default on Workstation, it is enabled by default on Horizon Client.",Vmware,Vmware Workstation And Horizon Client For Windows,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:17:17.000Z,0
CVE-2020-3989,https://securityvulnerability.io/vulnerability/CVE-2020-3989,Denial of Service Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows contain a vulnerability in the Cortado ThinPrint component that may allow an attacker with normal access to a virtual machine to exploit an out-of-bounds write issue. If successful, this could lead to a partial denial-of-service condition on the host system where these applications are installed. It is important to note that exploitation is only feasible if the virtual printing feature is enabled, which is not enabled by default in Workstation but is enabled by default in Horizon Client.",Vmware,Vmware Workstation And Horizon Client For Windows,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-09-16T16:17:11.000Z,0