Vulnerabilities > Vmware > Fusion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-38811 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2 VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | 7.8 |
| 2023-10-20 | CVE-2023-34045 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2 VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 7.8 |
| 2023-10-20 | CVE-2023-34046 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2 VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 7.0 |
| 2023-04-25 | CVE-2023-20869 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 8.2 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |
| 2023-04-25 | CVE-2023-20872 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | 8.8 |
| 2022-12-14 | CVE-2022-31705 | Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). | 8.2 |
| 2022-02-16 | CVE-2021-22043 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi and Fusion VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. | 7.5 |
| 2022-01-04 | CVE-2021-22045 | Out-of-bounds Write vulnerability in VMWare products VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. | 7.8 |
| 2021-09-15 | CVE-2020-3960 | Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. | 8.4 |