Skip to main content

Fusion

118 CVEs product

Monthly

CVE-2026-10789 CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-4344 HIGH PATCH This Week

Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4345 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4369 HIGH PATCH This Week

Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-0535 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0534 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0533 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-10244 HIGH This Month

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Fusion
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-22226 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware ESXi Cloud Foundation +4
NVD
CVSS 3.1
7.1
EPSS
6.8%
CVE-2024-42495 HIGH This Week

Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusion
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39278 MEDIUM This Month

Credentials to access device configuration information stored unencrypted in flash memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fusion
NVD
CVSS 4.0
4.1
EPSS
0.2%
CVE-2024-38811 HIGH This Week

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22273 HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Denial Of Service Cloud Foundation +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22270 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-22269 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-22268 MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Memory Corruption Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22267 HIGH This Week

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure VMware Memory Corruption Fusion +1
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-22255 HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2024-22253 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Cloud Foundation +3
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-22252 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Workstation +2
NVD
CVSS 3.1
6.7
EPSS
3.5%
CVE-2024-22251 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-34045 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34046 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-34044 MEDIUM This Month

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-20870 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2023-20869 HIGH This Week

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2023-20872 HIGH This Week

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-20871 HIGH This Week

VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Fusion
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31705 HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware Buffer Overflow Workstation +2
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-38395 HIGH This Week

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Fusion Support Assistant
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-3999 MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Fusion
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-4004 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption VMware Fusion +3
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-3995 MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi Cloud Foundation Workstation +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3982 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-3981 MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure Cloud Foundation Workstation +2
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-3980 MEDIUM This Month

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3974 HIGH PATCH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3971 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3970 LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Information Disclosure Cloud Foundation +3
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-3968 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3967 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-3966 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-3965 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-3964 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3963 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3962 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3969 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3959 LOW Monitor

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-3958 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3957 HIGH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-3950 HIGH POC KEV THREAT Act Now

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.3%
CVE-2020-3948 HIGH This Week

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion Workstation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3947 HIGH This Week

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption VMware Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-5542 HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

VMware Information Disclosure Fusion Workstation
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2019-5541 CRITICAL PATCH Act Now

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow VMware RCE Memory Corruption Workstation +1
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2019-5540 HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

VMware Information Disclosure Workstation Fusion
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2019-5536 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation ESXi
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-5535 MEDIUM This Month

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-5527 HIGH This Week

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware Information Disclosure Memory Corruption Horizon +4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-5521 CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2019-5520 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-5517 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2019-5516 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
1.7%
CVE-2019-5524 HIGH This Week

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption Fusion Workstation
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-5515 HIGH This Week

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow VMware RCE Memory Corruption +2
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2019-5519 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation ESXi
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2019-5518 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2019-5514 HIGH This Week

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Fusion
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-6982 MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-6981 HIGH This Week

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-6983 HIGH This Week

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow VMware Buffer Overflow Workstation Fusion
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-6974 HIGH PATCH This Week

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

VMware Information Disclosure Buffer Overflow Workstation Fusion +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-6977 MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-6973 HIGH This Week

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption VMware Buffer Overflow Fusion Workstation
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-6972 MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-6967 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Fusion Workstation +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-6966 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Fusion Workstation +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-6965 HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow Workstation ESXi +1
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2018-12501 MEDIUM This Month

Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fusion
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-6963 MEDIUM PATCH This Month

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Fusion Workstation
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-6962 HIGH This Week

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6957 MEDIUM This Month

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Workstation Pro Workstation Player Fusion
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2017-5753 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E Atom X3 Atom X5 E3930 +304
NVD Exploit-DB VulDB
CVSS 3.1
5.6
EPSS
94.3%
Threat
5.4
CVE-2017-4941 HIGH PATCH This Week

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE VMware Fusion Workstation +1
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2017-4933 HIGH This Week

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware RCE Workstation Pro +2
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-4938 MEDIUM PATCH This Month

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-4934 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Fusion
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-4925 MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware ESXi Workstation +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-4924 HIGH POC This Week

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption VMware Fusion Workstation Pro +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-4901 CRITICAL POC THREAT Emergency

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Buffer Overflow VMware Fusion Workstation
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Month

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Fusion
NVD
EPSS 7% CVSS 7.1
HIGH KEV THREAT Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware +6
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusion
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Credentials to access device configuration information stored unencrypted in flash memory. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fusion
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +5
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +1
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +3
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure VMware +3
NVD
EPSS 2% CVSS 7.1
HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service +4
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +5
NVD
EPSS 4% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 0% CVSS 7.0
HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 2% CVSS 8.2
HIGH This Week

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware +4
NVD
EPSS 3% CVSS 7.8
HIGH This Week

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Fusion +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation +2
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi +3
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi +4
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Fusion +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 3.8
LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion +2
NVD
EPSS 7% CVSS 7.8
HIGH POC KEV THREAT Act Now

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Fusion +2
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +3
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

VMware Information Disclosure Fusion +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow VMware RCE +3
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

VMware Information Disclosure Workstation +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware Information Disclosure +6
NVD
EPSS 2% CVSS 9.6
CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow VMware +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Fusion
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow VMware Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption VMware Buffer Overflow +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service VMware +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 3% CVSS 8.1
HIGH This Week

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Buffer Overflow +3
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fusion
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Workstation Pro +2
NVD
EPSS 94% 5.4 CVSS 5.6
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E +306
NVD Exploit-DB VulDB
EPSS 5% CVSS 8.8
HIGH PATCH This Week

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE VMware +3
NVD
EPSS 7% CVSS 8.8
HIGH This Week

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service VMware +4
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption VMware +3
NVD
EPSS 14% CVSS 9.9
CRITICAL POC THREAT Emergency

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Buffer Overflow VMware Fusion +1
NVD Exploit-DB
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy