Vulnerabilities > Vmware > Workstation > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-25 CVE-2020-3966 Race Condition vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI).
local
high complexity
vmware CWE-362
7.5
7.5
2020-06-24 CVE-2020-3962 Use After Free vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device.
local
low complexity
vmware CWE-416
8.2
8.2
2020-06-24 CVE-2020-3969 Off-by-one Error vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device.
local
high complexity
vmware CWE-193
7.8
7.8
2020-03-16 CVE-2020-3948 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Fusion and Workstation
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint.
local
low complexity
vmware CWE-732
7.8
7.8
2020-03-16 CVE-2020-3947 Use After Free vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp.
local
low complexity
vmware CWE-416
8.8
8.8
2020-03-16 CVE-2019-5543 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users.
local
low complexity
vmware CWE-732
7.8
7.8
2019-12-23 CVE-2019-5539 Uncontrolled Search Path Element vulnerability in VMWare Horizon View Agent and Workstation
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint.
local
low complexity
vmware CWE-427
7.8
7.8
2019-12-05 CVE-2019-5098 Out-of-bounds Read vulnerability in multiple products
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010.
network
low complexity
vmware amd CWE-125
8.6
8.6
2019-11-20 CVE-2019-5542 Unspecified vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler.
network
low complexity
vmware
7.7
7.7
2019-11-20 CVE-2019-5540 Memory Leak vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp.
network
low complexity
vmware CWE-401
7.7
7.7