Vmware Workstation Player vulnerabilities

CVE-2021-22040 [MEDIUM] CWE-416 CVE-2021-22040: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controll VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVE-2020-3982 [HIGH] CWE-367 CVE-2020-3982: VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650 VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit

CVE-2020-3990 [MEDIUM] CWE-125 CVE-2020-3990: VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information d VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstati

CVE-2020-3988 [MEDIUM] CWE-125 CVE-2020-3988: VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process run

CVE-2020-3986 [MEDIUM] CWE-125 CVE-2020-3986: VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running

CVE-2020-3987 [MEDIUM] CWE-125 CVE-2020-3987: VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView pr

CVE-2020-3989 [LOW] CWE-787 CVE-2020-3989: VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of serv VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstatio

CVE-2018-6983 [HIGH] VMware Workstation and Fusion updates address an integer overflow issue. VMSA-2018-0030: VMware Workstation and Fusion updates address an integer overflow issue. VMware Workstation and Fusion updates address an integer overflow issue. 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description VMware Workstation and Fusion virtual network devices integer overflow vulnerability. VMware Workstation and Fusion co

CVE-2018-6981 [HIGH] VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage VMSA-2018-0027: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage. 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion)3. Problem Description a. vmxnet3 uninitialized stack memory usage VMware E

CVE-2018-6974 [HIGH] VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability VMSA-2018-0026: VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description Out-of-bounds read vulnerability in SVGA De

CVE-2018-6973 [HIGH] VMware Workstation and Fusion updates address an out-of-bounds write issue VMSA-2018-0022: VMware Workstation and Fusion updates address an out-of-bounds write issue Workstation and Fusion e1000 device out-of-bounds write vulnerability VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. VMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for

CVE-2018-6971 [HIGH] VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues VMSA-2018-0018: VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues a. VMware Horizon View Agent local information disclosure vulnerability VMware Horizon View Agents contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currentl

CVE-2018-6965 [HIGH] VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities VMSA-2018-0016: VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities 2. Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) 3. Problem Description ESXi, Workstation,

CVE-2018-6962 [HIGH] VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities VMSA-2018-0013: VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities a. Fusion signature bypass vulnerability VMware Fusion contains a signature bypass vulnerability which may lead to a local privilege escalation. VMware would like to thank CodeColorist of AntFinancial LightYear Security Labs for reporting thi

CVE-2018-5511 [HIGH] CWE-470 CVE-2018-5511: On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVE-2018-6957 [MEDIUM] CWE-772 CVE-2018-6957: VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a deni VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

CVE-2017-4949 [HIGH] VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities VMSA-2018-0005: VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description a. Use-after-free vulnerability in VMwa

CVE-2017-4945 [HIGH] vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities VMSA-2018-0003: vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities a. V4H and V4PA desktop agent privilege escalation vulnerability The V4H and V4PA desktop agents contain a privile

CVE-2017-4933 [HIGH] VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities VMSA-2017-0021: VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities a. ESXi, Workstation, and Fusion stack overflow via authenticated VNC session VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC p

CVE-2017-4934 [HIGH] VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMSA-2017-0018: VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities 2. Relevant Products VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion)3. Problem Description a. Heap buffer-overflow vulnerabil