Skip to main content

Fusion

118 CVEs product

Monthly

CVE-2017-4905 MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion Fusion Pro Workstation Player +2
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2017-4904 HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware Fusion Fusion Pro +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-4903 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-4902 HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player Workstation Pro ESXi +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-7461 HIGH This Week

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow VMware Fusion +3
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-5329 MEDIUM This Month

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-5330 HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player Workstation Pro ESXi +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.5%
CVE-2015-6933 MEDIUM PATCH This Month

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

VMware Authentication Bypass Denial Of Service Buffer Overflow Microsoft +4
NVD
CVSS 3.0
6.3
EPSS
1.8%
CVE-2015-2341 HIGH PATCH This Week

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Fusion Player Workstation
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2015-2340 MEDIUM PATCH This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2339 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2338 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2337 MEDIUM This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-2336 MEDIUM PATCH This Month

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-2194 MEDIUM POC This Month

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP File Upload Fusion
NVD
CVSS 2.0
6.5
EPSS
2.4%
CVE-2015-1043 LOW PATCH Monitor

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Fusion Workstation Player
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-8370 MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware Player Fusion +2
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-3793 MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft Fusion Player +2
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1208 LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi Fusion Player +2
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-3519 HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft ESXi Workstation +3
NVD
CVSS 2.0
7.9
EPSS
0.2%
CVE-2013-1406 HIGH POC This Week

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Microsoft Workstation Fusion +3
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-3233 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Fusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-1666 MEDIUM POC This Month

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

VMware Information Disclosure Workstation Player Fusion +2
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-2083 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Fusion
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3288 CRITICAL Act Now

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Workstation +4
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2012-2450 CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service RCE Workstation Player +3
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2012-2449 CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Workstation +4
NVD
CVSS 2.0
9.0
EPSS
2.0%
CVE-2012-1518 HIGH This Week

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Workstation Player Fusion +2
NVD
CVSS 2.0
8.3
EPSS
0.9%
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

VMware Information Disclosure Fusion +4
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service VMware +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Workstation Player +4
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
EPSS 25% CVSS 7.8
HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player +4
NVD Exploit-DB
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

VMware Authentication Bypass Denial Of Service +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Fusion +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE VMware Microsoft +5
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

RCE VMware Microsoft +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Fusion +2
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware +4
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi +4
NVD
EPSS 0% CVSS 7.9
HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft +5
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Microsoft +5
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Fusion
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

VMware Information Disclosure Workstation +4
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Fusion
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +6
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service RCE +5
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +6
NVD
EPSS 1% CVSS 8.3
HIGH This Week

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Workstation +4
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy