Vmware Fusion Pro vulnerabilities

CVE-2018-6983 [HIGH] VMware Workstation and Fusion updates address an integer overflow issue. VMSA-2018-0030: VMware Workstation and Fusion updates address an integer overflow issue. VMware Workstation and Fusion updates address an integer overflow issue. 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description VMware Workstation and Fusion virtual network devices integer overflow vulnerability. VMware Workstation and Fusion co

CVE-2018-6981 [HIGH] VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage VMSA-2018-0027: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage. 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion)3. Problem Description a. vmxnet3 uninitialized stack memory usage VMware E

CVE-2018-6974 [HIGH] VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability VMSA-2018-0026: VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description Out-of-bounds read vulnerability in SVGA De

CVE-2018-6973 [HIGH] VMware Workstation and Fusion updates address an out-of-bounds write issue VMSA-2018-0022: VMware Workstation and Fusion updates address an out-of-bounds write issue Workstation and Fusion e1000 device out-of-bounds write vulnerability VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. VMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for

CVE-2018-6971 [HIGH] VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues VMSA-2018-0018: VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues a. VMware Horizon View Agent local information disclosure vulnerability VMware Horizon View Agents contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currentl

CVE-2018-6965 [HIGH] VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities VMSA-2018-0016: VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description ESXi, Workstation,

CVE-2018-6962 [HIGH] VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities VMSA-2018-0013: VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities a. Fusion signature bypass vulnerability VMware Fusion contains a signature bypass vulnerability which may lead to a local privilege escalation. VMware would like to thank CodeColorist of AntFinancial LightYear Security Labs for reporting thi

CVE-2018-6957 [MEDIUM] Workstation and Fusion updates address a denial-of-service vulnerability VMSA-2018-0008: Workstation and Fusion updates address a denial-of-service vulnerability Workstation and Fusion updates address a denial-of-service vulnerability 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description Denial-of-service vulnerability through VNC VMware Workstation and Fusion contain a denial-of-service vulnerability

CVE-2017-4949 [HIGH] VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities VMSA-2018-0005: VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description a. Use-after-free vulnerability in VMwa

CVE-2017-4945 [HIGH] vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities VMSA-2018-0003: vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities a. V4H and V4PA desktop agent privilege escalation vulnerability The V4H and V4PA desktop agents contain a privile

CVE-2017-5715 [MEDIUM] VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. VMSA-2018-0002: VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. Note: This document will focus on the Hypervisor-Specific Mitigations for the known variants of CVE-2017-5753 and CVE-2017-5715. Please review KB522

CVE-2017-4933 [HIGH] VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities VMSA-2017-0021: VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities a. ESXi, Workstation, and Fusion stack overflow via authenticated VNC session VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC p

CVE-2017-4934 [HIGH] VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMSA-2017-0018: VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion)3. Problem Description a. Heap buffer-overflow vulnerabil

CVE-2017-4924 [HIGH] VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities VMSA-2017-0015: VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities. 2. Relevant Products VMware ESXi (ESXi) VMware vCenter Server VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion)3. Problem De

CVE-2017-4902 [HIGH] CWE-119 CVE-2017-4902: VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Works VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

CVE-2017-4904 [HIGH] CWE-119 CVE-2017-4904: The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized

CVE-2017-4903 [HIGH] CWE-119 CVE-2017-4903: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage

CVE-2017-4905 [MEDIUM] CWE-908 CVE-2017-4905: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issu

CVE-2017-4901 [CRITICAL] VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability VMSA-2017-0005: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability a. VMware Workstation and Fusion out-of-bounds memory access vulnerability The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs

CVE-2016-7461 [HIGH] CWE-119 CVE-2016-7461: The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Worksta The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.