Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fusion
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 120 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-11 | CVE-2017-4949 | VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. | Fusion, Workstation | 7.0 | ||
| 2017-11-17 | CVE-2017-4938 | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | Fusion, Workstation | 6.5 | ||
| 2017-11-17 | CVE-2017-4934 | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | Fusion, Workstation | 8.8 | ||
| 2017-06-08 | CVE-2017-4901 | The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. | Fusion, Workstation | 9.9 | ||
| 2016-12-29 | CVE-2016-7461 | The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. | Fusion, Fusion_pro, Workstation_player, Workstation_pro | 8.8 | ||
| 2016-12-29 | CVE-2016-5329 | VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | Fusion | 5.5 | ||
| 2016-01-09 | CVE-2015-6933 | The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | Esxi, Fusion, Player, Workstation | 6.3 | ||
| 2015-06-13 | CVE-2015-2341 | VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command. | Fusion, Player, Workstation | N/A | ||
| 2015-06-13 | CVE-2015-2340 | TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors. | Fusion, Horizon_client, Horizon_view_client, Player, Workstation | N/A | ||
| 2015-06-13 | CVE-2015-2339 | TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338. | Fusion, Horizon_client, Horizon_view_client, Player, Workstation | N/A |