cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20870,https://securityvulnerability.io/vulnerability/CVE-2023-20870,Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion,VMware Workstation and Fusion have a vulnerability that arises from improper handling of memory during the sharing of Bluetooth devices from the host to a virtual machine. This flaw may allow an attacker to access sensitive information or execute unauthorized operations within a virtual environment.,Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,6,MEDIUM,0.0014100000262260437,false,,true,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20872,https://securityvulnerability.io/vulnerability/CVE-2023-20872,VMware Workstation and Fusion Vulnerability: Out-of-Bounds Read/Write Flaw Affects SCSI CD/DVD Device Emulation,"VMware Workstation and Fusion have a vulnerability in their SCSI CD/DVD device emulation that can lead to an out-of-bounds read/write situation. This could potentially allow an attacker to execute arbitrary code, impacting the confidentiality, integrity, and availability of the system. Users are advised to review the security advisory for mitigation steps.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2023-20869,https://securityvulnerability.io/vulnerability/CVE-2023-20869,VMware Workstation and Fusion Buffer Overflow Vulnerability,"The CVE-2023-20869 is a critical stack-based buffer overflow vulnerability found in VMware Workstation and Fusion products that could allow a malicious actor with local admin privileges to execute code on the virtual machine's VMX process running on the host. The vulnerability has been patched by VMware, along with three other security vulnerabilities. It was also exploited during the Pwn2Own Vancouver event, earning the contestant $80,000. The patch for the vulnerability was released in late April, and organizations are urged to update their affected products promptly to mitigate the risk of exploitation. The exploitation of the vulnerability could result in unauthorized access and control over affected systems, with potential impacts including data breaches, system compromise, and further spread of malware.",Vmware,Vmware Workstation Pro / Player (workstation) And Vmware Fusion,8.2,HIGH,0.0016299999551847577,false,,true,false,true,2023-05-18T10:50:51.000Z,,false,false,,2023-04-25T00:00:00.000Z,0
CVE-2022-31705,https://securityvulnerability.io/vulnerability/CVE-2022-31705,"Heap Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion","VMware ESXi, Workstation, and Fusion have a vulnerability within the USB 2.0 controller (EHCI) that allows a malicious actor with local administrative privileges on a virtual machine to exploit this flaw. Successful exploitation could lead to the execution of arbitrary code within the virtual machine's VMX process on the host system. On ESXi, this exploitation is restricted to the VMX sandbox, while on Workstation and Fusion, it has the potential to execute code directly on the host machine. Maintaining the latest security patches is crucial for safeguarding against this vulnerability.",Vmware,"Vmware Esxi, Vmware Workstation Pro / Player, Vmware Fusion Pro / Fusion (fusion), Vmware Cloud Foundation",8.2,HIGH,0.0004400000034365803,false,,false,false,true,2023-01-09T04:27:15.000Z,true,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2021-21989,https://securityvulnerability.io/vulnerability/CVE-2021-21989,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a security flaw due to an out-of-bounds read in the Cortado ThinPrint component. An attacker with access to a virtual machine or remote desktop could exploit this vulnerability, potentially leading to the disclosure of sensitive information from the TPView process on the affected system. Users of these products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:43:34.000Z,0
CVE-2021-21988,https://securityvulnerability.io/vulnerability/CVE-2021-21988,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows are impacted by an out-of-bounds read vulnerability found in the Cortado ThinPrint component, specifically in the JPEG2000 Parser. When exploited by a malicious user who has access to a virtual machine or remote desktop session, this vulnerability can lead to unauthorized information disclosure from the TPView process. This issue exists in versions of VMware Workstation prior to 16.1.2 and Horizon Client for Windows prior to 5.5.2, highlighting the importance of keeping software updated to safeguard against potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:35:00.000Z,0
CVE-2021-21987,https://securityvulnerability.io/vulnerability/CVE-2021-21987,Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client,"VMware Workstation and Horizon Client for Windows have a vulnerability in the Cortado ThinPrint component that allows for out-of-bounds reads. This flaw can potentially be exploited by malicious actors who have access to a virtual machine or remote desktop, leading to unauthorized information disclosure from the TPView process. It is crucial for users to apply the recommended updates to safeguard their systems from potential exploitation.",Vmware,"Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-05-24T11:34:55.000Z,0
CVE-2017-4949,https://securityvulnerability.io/vulnerability/CVE-2017-4949,,VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.,Vmware,"Workstation Pro / Player,Fusion",7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-01-11T14:29:00.000Z,0
CVE-2017-4950,https://securityvulnerability.io/vulnerability/CVE-2017-4950,,VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.,Vmware,"Workstation Pro / Player,Fusion",7,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2018-01-11T14:29:00.000Z,0
CVE-2017-4901,https://securityvulnerability.io/vulnerability/CVE-2017-4901,,The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.,Vmware,"Workstation Pro/player,Fusion Pro / Fusion",9.9,CRITICAL,0.003700000001117587,false,,false,false,false,,,false,false,,2017-06-08T13:00:00.000Z,0
CVE-2017-4902,https://securityvulnerability.io/vulnerability/CVE-2017-4902,,VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.,Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2017-06-07T18:00:00.000Z,0
CVE-2017-4903,https://securityvulnerability.io/vulnerability/CVE-2017-4903,,"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.002899999963119626,false,,false,false,false,,,false,false,,2017-06-07T18:00:00.000Z,0
CVE-2017-4904,https://securityvulnerability.io/vulnerability/CVE-2017-4904,,"The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",8.8,HIGH,0.002899999963119626,false,,false,false,false,,,false,false,,2017-06-07T18:00:00.000Z,0
CVE-2017-4905,https://securityvulnerability.io/vulnerability/CVE-2017-4905,,"VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.",Vmware,"Esxi,Workstation Pro / Player,Fusion Pro / Fusion",5.5,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2017-06-07T18:00:00.000Z,0
CVE-2016-7081,https://securityvulnerability.io/vulnerability/CVE-2016-7081,,"Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7086,https://securityvulnerability.io/vulnerability/CVE-2016-7086,,The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.,Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7461,https://securityvulnerability.io/vulnerability/CVE-2016-7461,,The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.,Vmware,"Fusion,Fusion Pro,Workstation Player,Workstation Pro",8.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7085,https://securityvulnerability.io/vulnerability/CVE-2016-7085,,Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.,Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7084,https://securityvulnerability.io/vulnerability/CVE-2016-7084,,"tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7082,https://securityvulnerability.io/vulnerability/CVE-2016-7082,,"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7083,https://securityvulnerability.io/vulnerability/CVE-2016-7083,,"VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.",Vmware,"Workstation Player,Workstation Pro",7.8,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-5330,https://securityvulnerability.io/vulnerability/CVE-2016-5330,,"Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.",Vmware,"Workstation Player,Workstation Pro,Esxi",7.8,HIGH,0.043150000274181366,false,,false,false,false,,,false,false,,2016-08-08T01:00:00.000Z,0