cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host. The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.2,HIGH,0.002259999979287386,false,true,false,true,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,,VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.,Vmware,VMware Workstation Pro / Player (Workstation) and VMware Fusion,6,MEDIUM,0.0014100000262260437,false,true,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,,"VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,false,false,true,true,false,false,2022-12-14T00:00:00.000Z,0
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,,VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.,Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2021-05-24T11:34:55.000Z,0
CVE-2017-4949,https://securityvulnerability.io/vulnerability/CVE-2017-4949,,VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.,Vmware,"Workstation Pro / Player,Fusion",7,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2018-01-11T14:29:00.000Z,0
CVE-2017-4950,https://securityvulnerability.io/vulnerability/CVE-2017-4950,,VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.,Vmware,"Workstation Pro / Player,Fusion",7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2018-01-11T14:29:00.000Z,0
CVE-2017-4901,https://securityvulnerability.io/vulnerability/CVE-2017-4901,,The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.,Vmware,"Workstation Pro/player,Fusion Pro / Fusion",9.9,CRITICAL,0.003700000001117587,false,false,false,false,,false,false,2017-06-08T13:00:00.000Z,0
CVE-2017-4903,https://securityvulnerability.io/vulnerability/CVE-2017-4903,,"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.002899999963119626,false,false,false,false,,false,false,2017-06-07T18:00:00.000Z,0
CVE-2017-4905,https://securityvulnerability.io/vulnerability/CVE-2017-4905,,"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",5.5,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2017-06-07T18:00:00.000Z,0
CVE-2017-4904,https://securityvulnerability.io/vulnerability/CVE-2017-4904,,"The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.002899999963119626,false,false,false,false,,false,false,2017-06-07T18:00:00.000Z,0
CVE-2017-4902,https://securityvulnerability.io/vulnerability/CVE-2017-4902,,VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.,Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2017-06-07T18:00:00.000Z,0
CVE-2016-7461,https://securityvulnerability.io/vulnerability/CVE-2016-7461,,The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.,Vmware,"Fusion,Fusion Pro,Workstation Player,Workstation Pro",8.8,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7081,https://securityvulnerability.io/vulnerability/CVE-2016-7081,,"Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7082,https://securityvulnerability.io/vulnerability/CVE-2016-7082,,"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7083,https://securityvulnerability.io/vulnerability/CVE-2016-7083,,"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0012100000167265534,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7086,https://securityvulnerability.io/vulnerability/CVE-2016-7086,,The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.,Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7084,https://securityvulnerability.io/vulnerability/CVE-2016-7084,,"tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0012100000167265534,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-7085,https://securityvulnerability.io/vulnerability/CVE-2016-7085,,Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.,Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2016-12-29T09:02:00.000Z,0
CVE-2016-5330,https://securityvulnerability.io/vulnerability/CVE-2016-5330,,"Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.",Vmware,"Workstation Player,Workstation Pro,Esxi",7.8,HIGH,0.043150000274181366,false,false,false,false,,false,false,2016-08-08T01:00:00.000Z,0