Vulnerabilities > Vmware > Fusion > 13.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-20 | CVE-2023-34045 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2 VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 7.8 |
| 2023-10-20 | CVE-2023-34044 | Out-of-bounds Read vulnerability in VMWare Fusion and Workstation VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | 6.0 |
| 2023-10-20 | CVE-2023-34046 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2 VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 7.0 |
| 2023-04-25 | CVE-2023-20872 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | 8.8 |