Vmware Workstation vulnerabilities

225 known vulnerabilities affecting vmware/workstation.

Total CVEs

225

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL32HIGH90MEDIUM88LOW15

Vulnerabilities

Page 7 of 12

CVE-2015-1044LOWCVSS 3.3v10.0v10.0.1+3 more2015-01-29

CVE-2015-1044 [LOW] CVE-2015-1044: vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.

nvd

CVE-2015-1043LOWCVSS 3.3v10.0v10.0.1+3 more2015-01-29

CVE-2015-1043 [LOW] CWE-20 CVE-2015-1043: The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.

nvd

CVE-2014-4199MEDIUMCVSS 6.3≤ 10.0.3v10.0+2 more2014-08-28

CVE-2014-4199 [MEDIUM] CWE-59 CVE-2014-4199: vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other pro vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

nvd

CVE-2014-4200MEDIUMCVSS 4.7≤ 10.0.3v10.0+2 more2014-08-28

CVE-2014-4200 [MEDIUM] CWE-264 CVE-2014-4200: vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other pro vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

nvd

CVE-2014-3793MEDIUMCVSS 5.8v10.0v10.0.12014-05-31

CVE-2014-3793 [MEDIUM] CVE-2014-3793: VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.

nvd

CVE-2014-2384MEDIUMCVSS 4.9v10.0.1_build_13797762014-04-15

CVE-2014-2384 [MEDIUM] CWE-399 CVE-2014-2384: vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Window vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."

nvd

CVE-2014-1208LOWCVSS 3.3v9.02014-01-17

CVE-2014-1208 [LOW] CVE-2014-1208: VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

nvd

CVE-2013-3519HIGHCVSS 7.9v9.0v9.0.1+1 more2013-12-04

CVE-2013-3519 [HIGH] CWE-264 CVE-2013-3519: lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5 lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

nvd

CVE-2013-5972HIGHCVSS 7.2v9.0v9.0.1+1 more2013-11-18

CVE-2013-5972 [HIGH] CWE-264 CVE-2013-5972: VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly hand VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.

nvd

CVE-2013-1662MEDIUMCVSS 6.9PoCv8.0v8.0.0.18997+10 more2013-08-24

CVE-2013-1662 [MEDIUM] CWE-264 CVE-2013-1662: vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on De vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

nvd

CVE-2013-1406HIGHCVSS 7.2PoCv8.0v8.0.0.18997+6 more2013-02-11

CVE-2013-1406 [HIGH] CWE-20 CVE-2013-1406: The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory al

nvd

CVE-2012-3569CRITICALCVSS 9.3PoCv8.0v8.0.0.18997+5 more2012-11-14

CVE-2012-3569 [CRITICAL] CWE-134 CVE-2012-3569: Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x bef Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

nvd

CVE-2012-5459HIGHCVSS 7.9v8.0v8.0.0.18997+5 more2012-11-14

CVE-2012-5459 [HIGH] CVE-2012-5459: Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x bef Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."

nvd

CVE-2012-5458HIGHCVSS 8.3v8.0v8.0.0.18997+5 more2012-11-14

CVE-2012-5458 [HIGH] CWE-264 CVE-2012-5458: VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissio VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.

nvd

CVE-2012-1666MEDIUMCVSS 6.9PoC≤ 8.0.3v8.0+4 more2012-09-08

CVE-2012-1666 [MEDIUM] CVE-2012-1666: Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Playe Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

nvd

CVE-2012-3288CRITICALCVSS 9.3v7.0v7.0.1+11 more2012-06-14

CVE-2012-3288 [CRITICAL] CWE-20 CVE-2012-3288: VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x bef VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a c

nvd

CVE-2012-3289HIGHCVSS 7.8v8.0v8.0.1+2 more2012-06-14

CVE-2012-3289 [HIGH] CWE-94 CVE-2012-3289: VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, an VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.

nvd

CVE-2012-2449CRITICALCVSS 9.0v8.0v8.0.1+1 more2012-05-04

CVE-2012-2449 [CRITICAL] CWE-119 CVE-2012-2449: VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2 VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbit

nvd

CVE-2012-2450CRITICALCVSS 9.0v8.0v8.0.1+1 more2012-05-04

CVE-2012-2450 [CRITICAL] CVE-2012-2450: VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by l

nvd

CVE-2012-1518HIGHCVSS 8.3v8.0v8.0.12012-04-17

CVE-2012-1518 [HIGH] CWE-264 CVE-2012-1518: VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

nvd

← Previous7 / 12Next →