Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Filtered by product Workstation Player
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22040 1 Vmware 5 Cloud Foundation, Esxi, Fusion and 2 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2020-3990 1 Vmware 3 Horizon Client, Workstation Player, Workstation Pro 2024-11-21 2.1 LOW 6.5 MEDIUM
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
CVE-2020-3989 1 Vmware 3 Horizon Client, Workstation Player, Workstation Pro 2024-11-21 2.1 LOW 3.3 LOW
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
CVE-2020-3988 1 Vmware 3 Horizon Client, Workstation Player, Workstation Pro 2024-11-21 3.6 LOW 6.1 MEDIUM
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVE-2020-3987 1 Vmware 3 Horizon Client, Workstation Player, Workstation Pro 2024-11-21 3.6 LOW 6.1 MEDIUM
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVE-2020-3986 1 Vmware 3 Horizon Client, Workstation Player, Workstation Pro 2024-11-21 3.6 LOW 6.1 MEDIUM
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVE-2020-3982 2 Apple, Vmware 6 Mac Os X, Cloud Foundation, Esxi and 3 more 2024-11-21 4.9 MEDIUM 7.7 HIGH
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
CVE-2018-6957 1 Vmware 3 Fusion, Workstation Player, Workstation Pro 2024-11-21 3.5 LOW 5.3 MEDIUM
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
CVE-2018-5511 3 F5, Microsoft, Vmware 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
CVE-2017-4916 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
CVE-2017-4915 2 Linux, Vmware 3 Linux Kernel, Workstation Player, Workstation Pro 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
CVE-2017-4905 2 Apple, Vmware 6 Mac Os X, Esxi, Fusion and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
CVE-2017-4904 2 Apple, Vmware 6 Mac Os X, Esxi, Fusion and 3 more 2024-11-21 7.2 HIGH 8.8 HIGH
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
CVE-2017-4903 2 Apple, Vmware 6 Mac Os X, Esxi, Fusion and 3 more 2024-11-21 7.2 HIGH 8.8 HIGH
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
CVE-2017-4902 2 Apple, Vmware 6 Mac Os X, Esxi, Fusion and 3 more 2024-11-21 7.2 HIGH 8.8 HIGH
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
CVE-2017-4900 1 Vmware 2 Workstation Player, Workstation Pro 2024-11-21 2.1 LOW 5.5 MEDIUM
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVE-2017-4899 1 Vmware 2 Workstation Player, Workstation Pro 2024-11-21 1.9 LOW 4.7 MEDIUM
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
CVE-2017-4898 1 Vmware 2 Workstation Player, Workstation Pro 2024-11-21 6.9 MEDIUM 8.8 HIGH
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
CVE-2016-7461 2 Microsoft, Vmware 5 Windows, Fusion, Fusion Pro and 2 more 2024-11-21 7.2 HIGH 8.8 HIGH
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
CVE-2016-7086 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 7.2 HIGH 7.8 HIGH
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.