Vulnerabilities > Vmware > Workstation Player > 12.5.2

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-6957 Missing Release of Resource after Effective Lifetime vulnerability in VMWare Fusion, Workstation Player and Workstation PRO
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions.
network
vmware CWE-772
3.5
3.5
2017-06-07 CVE-2017-4905 Use of Uninitialized Resource vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage.
local
low complexity
vmware CWE-908
2.1
2.1
2017-06-07 CVE-2017-4904 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage.
local
low complexity
vmware CWE-119
7.2
7.2
2017-06-07 CVE-2017-4903 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA.
local
low complexity
vmware CWE-119
7.2
7.2
2017-06-07 CVE-2017-4902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA.
local
low complexity
vmware CWE-119
7.2
7.2
2017-06-07 CVE-2017-4900 NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver.
local
low complexity
vmware CWE-476
2.1
2.1
2017-06-07 CVE-2017-4898 DLL Loading Remote Code Execution vulnerability in Multiple VMware Workstation Products
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable.
local
vmware
6.9
6.9