Vulnerabilities > Vmware > Fusion

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-34045 Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
local
low complexity
vmware
7.8
2023-10-20 CVE-2023-34044 Out-of-bounds Read vulnerability in VMWare Fusion and Workstation
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
local
low complexity
vmware CWE-125
6.0
2023-10-20 CVE-2023-34046 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
local
high complexity
vmware CWE-367
7.0
2023-04-25 CVE-2023-20869 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
local
low complexity
vmware CWE-787
8.2
2023-04-25 CVE-2023-20870 Out-of-bounds Read vulnerability in VMWare Fusion and Workstation
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
local
low complexity
vmware CWE-125
6.0
2023-04-25 CVE-2023-20871 Unspecified vulnerability in VMWare Fusion
VMware Fusion contains a local privilege escalation vulnerability.
local
low complexity
vmware
7.8
2023-04-25 CVE-2023-20872 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
local
low complexity
vmware CWE-787
8.8
2022-02-16 CVE-2021-22040 Use After Free vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
4.6
2022-02-16 CVE-2021-22041 Unspecified vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller.
local
low complexity
vmware
4.6
2022-02-16 CVE-2021-22043 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi and Fusion
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled.
network
vmware CWE-367
6.0