Vmware Fusion Pro Fusion vulnerabilities
5 known vulnerabilities affecting vmware/fusion_pro_fusion.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2017-4901CRITICALCVSS 9.9PoCv8.x prior to 8.5.5.2017-06-08
CVE-2017-4901 [CRITICAL] CWE-119 CVE-2017-4901: The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x bef
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
cvelistv5nvd
CVE-2017-4902HIGHCVSS 8.8v8.x prior to 8.5.62017-06-07
CVE-2017-4902 [HIGH] CWE-119 CVE-2017-4902: VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Works
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
cvelistv5nvd
CVE-2017-4903HIGHCVSS 8.8v8.x prior to 8.5.62017-06-07
CVE-2017-4903 [HIGH] CWE-119 CVE-2017-4903: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage
cvelistv5nvd
CVE-2017-4904HIGHCVSS 8.8v8.x prior to 8.5.62017-06-07
CVE-2017-4904 [HIGH] CWE-119 CVE-2017-4904: The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized
cvelistv5nvd
CVE-2017-4905MEDIUMCVSS 5.5PoCv8.x prior to 8.5.62017-06-07
CVE-2017-4905 [MEDIUM] CWE-908 CVE-2017-4905: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issu
cvelistv5nvd