Product
vmware fusion
168 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41702
< 26h1
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID b
7.8
HIGH
CVE-2026-4369
< 2702.1.47
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked b
7.1
HIGH
CVE-2026-4345
< 2702.1.47
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) v
7.1
HIGH
CVE-2026-4344
< 2702.1.47
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user
7.1
HIGH
CVE-2026-0535
< 2606.1.21
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site S
8.1
HIGH
CVE-2026-0534
< 2606.1.21
A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scriptin
8.1
HIGH
CVE-2026-0533
< 2606.1.21
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, c
8.1
HIGH
CVE-2023-7312
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email
4.8
MEDIUM
CVE-2023-53690
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-ser
4.8
MEDIUM
CVE-2023-53689
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configurati
4.8
MEDIUM
CVE-2018-25119
< 4.1.5
Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficien
6.1
MEDIUM
CVE-2017-20209
all versions
Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficien
6.1
MEDIUM
CVE-2025-60425
all versions
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechani
8.6
HIGH
CVE-2025-60424
all versions
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authen
7.6
HIGH
CVE-2025-10244
>= 2602.1.25 and < 2604.1.25
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scri
8.7
HIGH
CVE-2025-22226
>= 13.0.0 and < 13.6.3
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A mal
7.1
HIGH
CVE-2024-42495
< 2.7.0.10
Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only
6.5
MEDIUM
CVE-2024-39278
< 2.7.0.10
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only
4.2
MEDIUM
CVE-2024-38811
>= 13.0.0 and < 13.6
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A
8.8
HIGH
CVE-2024-22273
>= 13.0.0 and < 13.5.1
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor wi
8.1
HIGH
CVE-2024-22270
>= 13.0.0 and < 13.5.2
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality.
7.1
HIGH
CVE-2024-22269
>= 13.0.0 and < 13.5.2
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with lo
7.1
HIGH
CVE-2024-22268
>= 13.0.0 and < 13.5.2
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with no
7.1
HIGH
CVE-2024-22267
>= 13.0.0 and < 13.5.2
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local admin
9.3
CRITICAL
CVE-2024-22255
>= 13.0.0 and < 13.5.1
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious acto
7.1
HIGH
CVE-2024-22253
>= 13.0.0 and < 13.5.1
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with lo
9.3
CRITICAL
CVE-2024-22252
>= 13.0.0 and < 13.5.1
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with lo
9.3
CRITICAL
CVE-2024-22251
>= 13.0.0 and < 13.5.1
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicio
5.9
MEDIUM
CVE-2023-34045
>= 13.0.0 and < 13.5
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the fi
6.6
MEDIUM
CVE-2023-34046
>= 13.0.0 and < 13.5
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for
6.7
MEDIUM
CVE-2023-34044
>= 13.0.0 and < 13.5
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in
7.1
HIGH
CVE-2023-20870
>= 13.0.0 and < 13.0.2
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Blueto
6.0
MEDIUM
CVE-2023-20869
>= 13.0.0 and < 13.0.2
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the function
8.2
HIGH
CVE-2023-20872
all versions
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
8.8
HIGH
CVE-2023-20871
>= 13.0.0 and < 13.0.2
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating
7.8
HIGH
CVE-2022-31705
>= 12.0.0 and < 12.2.5
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A maliciou
8.2
HIGH
CVE-2022-38395
< 1.38.2601.0
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance T
7.8
HIGH
CVE-2021-40166
>= 2.0.10356 and < 2.0.11405
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already be
7.8
HIGH
CVE-2021-40165
>= 2.0.10356 and < 2.0.11405
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocate
7.8
HIGH
CVE-2021-40164
>= 2.0.10356 and < 2.0.11405
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execu
7.8
HIGH
CVE-2021-40163
>= 2.0.10356 and < 2.0.11405
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processi
7.8
HIGH
CVE-2021-40162
>= 2.0.10356 and < 2.0.11405
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated b
7.8
HIGH
CVE-2021-22043
< 4.4
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A mali
7.5
HIGH
CVE-2021-22041
>= 12.0.0 and < 12.2.1
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local
6.7
MEDIUM
CVE-2021-22040
>= 12.0.0 and < 12.2.1
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with loc
6.7
MEDIUM
CVE-2021-22045
>= 12.0.0 and < 12.2.0
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fus
7.8
HIGH
CVE-2020-3960
>= 11.0.0 and < 11.5.5
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (1
8.4
HIGH
CVE-2020-28911
<= 4.1.8
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to
6.5
MEDIUM
CVE-2020-28909
<= 4.1.8
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts.
8.8
HIGH
CVE-2020-28908
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
9.8
CRITICAL
CVE-2020-28907
<= 4.1.8
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as r
9.8
CRITICAL
CVE-2020-28906
<= 4.1.8
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to r
8.8
HIGH
CVE-2020-28905
<= 4.1.8
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pag
8.8
HIGH
CVE-2020-28904
<= 4.1.8
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio
9.8
CRITICAL
CVE-2020-28903
<= 4.1.8
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject a
6.1
MEDIUM
CVE-2020-28902
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
9.8
CRITICAL
CVE-2020-28901
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related
9.8
CRITICAL
CVE-2020-28900
<= 4.1.8
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escal
9.8
CRITICAL
CVE-2020-3999
>= 11.5.0 and < 11.5.7
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12
6.5
MEDIUM
CVE-2020-4004
>= 11.0 and < 11.5.7
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x b
8.2
HIGH
CVE-2020-3995
>= 11.0.0 and < 11.1.0
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x
5.3
MEDIUM
CVE-2020-3982
>= 11.0 and < 11.5.6
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (1
7.7
HIGH
CVE-2020-3981
>= 11.0 and < 11.5.6
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (1
5.8
MEDIUM
CVE-2020-3980
>= 11.0.0 and < 12.0.0
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An a
6.7
MEDIUM
CVE-2020-3974
>= 11.0.0 and < 11.5.5
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x
7.8
HIGH
CVE-2020-3971
>= 11.0.0 and < 11.0.2
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (1
5.5
MEDIUM
CVE-2020-3970
>= 11.0.0 and < 11.5.5
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
3.8
LOW
CVE-2020-3968
>= 11.0.0 and < 11.5.5
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
8.2
HIGH
CVE-2020-3967
>= 11.0.0 and < 11.5.5
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
7.5
HIGH
CVE-2020-3966
>= 11.0.0 and < 11.5.2
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
7.5
HIGH
CVE-2020-3965
>= 11.0.0 and < 11.5.2
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstatio
5.5
MEDIUM
CVE-2020-3964
>= 11.0.0 and < 11.5.2
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstatio
4.7
MEDIUM
CVE-2020-3963
>= 11.0.0 and < 11.5.2
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstatio
5.5
MEDIUM
CVE-2020-3962
>= 11.0.0 and < 11.5.5
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
8.2
HIGH
CVE-2020-3969
>= 11.0.0 and < 11.5.5
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstatio
7.8
HIGH
CVE-2020-3959
>= 11.0.0 and < 11.1.0
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMw
3.3
LOW
CVE-2020-3958
>= 11.0.0 and < 11.5.2
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMw
5.5
MEDIUM
CVE-2020-3957
>= 11.0.0 and < 11.5.5
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prio
7.0
HIGH
CVE-2020-3950
>= 11.0.0 and < 11.5.2
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x a
7.8
HIGH
CVE-2020-3948
>= 11.0.0 and < 11.5.2
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escal
7.8
HIGH
CVE-2020-3947
> 11.0.0 and < 11.5.2
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful
8.8
HIGH
CVE-2019-5542
>= 11.0.0 and < 11.5.1
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handl
7.7
HIGH
CVE-2019-5541
>= 11.0.0 and < 11.5.1
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e
9.1
CRITICAL
CVE-2019-5540
>= 11.0.0 and < 11.5.1
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdh
7.7
HIGH
CVE-2019-5536
>= 11.0.0 and < 11.5.0
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11
6.5
MEDIUM
CVE-2019-5535
>= 11.0.0 and < 11.5.0
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets.
4.7
MEDIUM
CVE-2019-5527
>= 11.0.0 and < 11.5.0
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has
8.8
HIGH
CVE-2019-5521
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14
9.6
CRITICAL
CVE-2019-5520
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14
5.9
MEDIUM
CVE-2019-5517
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14
6.8
MEDIUM
CVE-2019-5516
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14
6.8
MEDIUM
CVE-2019-5524
>= 10.0.0 and < 10.1.6
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000
8.8
HIGH
CVE-2019-5515
>= 10.0.0 and < 10.1.6
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an
8.8
HIGH
CVE-2019-5519
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 1
6.8
MEDIUM
CVE-2019-5518
>= 10.0.0 and < 10.1.6
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 1
6.8
MEDIUM
CVE-2019-5514
>= 11.0.0 and < 11.0.3
VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through
8.8
HIGH
CVE-2018-6982
>= 10.0.0 and < 10.1.4
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory u
6.5
MEDIUM
CVE-2018-6981
>= 10.0.0 and < 10.1.4
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201
8.8
HIGH
CVE-2018-6983
>= 10.0.0 and < 10.1.5
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an i
8.8
HIGH
CVE-2018-6974
>= 10.0 and < 10.1.3
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (
8.8
HIGH
CVE-2018-6977
>= 10.0.0 and <= 10.1.5
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due
6.5
MEDIUM
CVE-2018-6973
> 10.0.0 and < 10.1.3
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000
8.8
HIGH
CVE-2018-6972
>= 10.0 and < 10.1.2
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi
6.5
MEDIUM
CVE-2018-6967
>= 10.0 and < 10.1.2
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of
8.1
HIGH
CVE-2018-6966
>= 10.0 and < 10.1.2
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of
8.1
HIGH
CVE-2018-6965
>= 10.0 and < 10.1.2
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of
8.1
HIGH
CVE-2018-12501
< 4.1.4
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
6.1
MEDIUM
CVE-2018-6963
>= 10.0 and < 10.1.2
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that oc
5.5
MEDIUM
CVE-2018-6962
>= 10.0 and < 10.1.2
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.
7.8
HIGH
CVE-2018-6957
>= 10.0 and < 10.1.1
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability wh
5.3
MEDIUM
CVE-2017-4950
>= 8.0 and < 8.5.10
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issu
7.0
HIGH
CVE-2017-4949
>= 8.0 and < 8.5.10
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue m
7.0
HIGH
CVE-2017-4945
all versions
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow pr
5.5
MEDIUM
CVE-2017-5753
>= 8.0.0 and < 8.5.9
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6
MEDIUM
CVE-2017-4941
>= 8.0.0 and < 8.5.9
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before
8.8
HIGH
CVE-2017-4933
>= 8.0.0 and < 8.5.9
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerabi
8.8
HIGH
CVE-2017-4938
all versions
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability.
6.5
MEDIUM
CVE-2017-4934
all versions
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device
8.8
HIGH
CVE-2017-4925
>= 8.0.0 and < 8.5.4
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-20
5.5
MEDIUM
CVE-2017-4924
>= 8.0.0 and < 8.5.8
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain
8.8
HIGH
CVE-2017-4901
all versions
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-o
9.9
CRITICAL
CVE-2017-4905
>= 8.0.0 and < 8.5.6
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703
5.5
MEDIUM
CVE-2017-4904
>= 8.0.0 and < 8.5.6
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 witho
8.8
HIGH
CVE-2017-4903
>= 8.0.0 and < 8.5.6
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703
8.8
HIGH
CVE-2017-4902
>= 8.0.0 and < 8.5.6
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior
8.8
HIGH
CVE-2016-7461
all versions
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2
8.8
HIGH
CVE-2016-5329
all versions
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel me
5.5
MEDIUM
CVE-2016-5330
>= 8.1 and < 8.1.1
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0
7.8
HIGH
CVE-2015-6933
all versions
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2
6.3
MEDIUM
CVE-2015-2341
all versions
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 all
CVE-2015-2340
all versions
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, an
CVE-2015-2339
all versions
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, a
CVE-2015-2338
all versions
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, a
CVE-2015-2337
all versions
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, an
CVE-2015-2336
all versions
TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, a
CVE-2015-2194
all versions
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allow
CVE-2015-1043
all versions
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x
CVE-2014-8370
all versions
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through
CVE-2014-3793
all versions
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware
CVE-2014-1208
all versions
VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1,
CVE-2013-3519
all versions
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4
CVE-2013-1406
all versions
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x befor
CVE-2012-1666
<= 4.1.1
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion
CVE-2012-2083
<= 6.x-1.12
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion mod
CVE-2012-3288
all versions
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x b
CVE-2012-2450
all versions
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0,
CVE-2012-2449
all versions
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0,
CVE-2012-1518
all versions
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0,
CVE-2011-3868
all versions
Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMwa
CVE-2011-2146
all versions
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.
CVE-2011-2145
all versions
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.
CVE-2011-1787
all versions
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player
CVE-2010-4297
all versions
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMw
CVE-2010-4296
all versions
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux,
CVE-2010-4295
all versions
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player
CVE-2010-1142
all versions
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.
CVE-2010-1141
all versions
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.
CVE-2010-1139
all versions
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.
CVE-2010-1138
all versions
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 2464
CVE-2009-2267
all versions
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 b
CVE-2009-3282
<= 2.0.5
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial o
CVE-2009-3281
<= 2.0.5
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS
CVE-2009-1805
<= 2.0.1
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player
CVE-2009-1244
<= 2.0.3
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and
CVE-2009-0177
<= 2.0.1
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and ea
CVE-2008-2100
<= 1.1.1
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x,
CVE-2008-2098
all versions
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Pl
CVE-2005-1596
<= 1.2
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authen
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin