Fusion
Monthly
Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.
Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.
Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.
Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.
Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).
Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.
Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Credentials to access device configuration information stored unencrypted in flash memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. Rated medium severity (CVSS 6.7). No vendor patch available.
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.
Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.
Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.
Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.
Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.
Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).
Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.
Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Credentials to access device configuration information stored unencrypted in flash memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. Rated medium severity (CVSS 6.7). No vendor patch available.
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.