Fusion
by VMware
CVEs (134)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60424 | | | 0.00 | — | 0.01 | | Oct 27, 2025 | A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack. |
| CVE-2025-60425 | | | 0.00 | — | 0.01 | | Oct 27, 2025 | Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack. |
| CVE-2024-38811 | | | 0.00 | — | 0.00 | | Sep 3, 2024 | VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. |
| CVE-2024-22273 | | | 0.00 | — | 0.00 | | May 21, 2024 | The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the… |
| CVE-2024-22270 | | | 0.00 | — | 0.01 | | May 14, 2024 | VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor… |
| CVE-2024-22269 | | | 0.00 | — | 0.01 | | May 14, 2024 | VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. |
| CVE-2024-22268 | | | 0.00 | — | 0.01 | | May 14, 2024 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service… |
| CVE-2024-22267 | | | 0.00 | — | 0.01 | | May 14, 2024 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| CVE-2024-22255 | | | 0.00 | — | 0.02 | | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. |
| CVE-2024-22253 | | | 0.00 | — | 0.01 | | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.… |
| CVE-2024-22252 | | | 0.00 | — | 0.04 | | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.… |
| CVE-2024-22251 | | | 0.00 | — | 0.00 | | Feb 27, 2024 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. |
| CVE-2023-34045 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with… |
| CVE-2023-34046 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious… |
| CVE-2023-34044 | | | 0.00 | — | 0.00 | | Oct 20, 2023 | VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual… |
| CVE-2023-20869 | | | 0.00 | — | 0.02 | | Apr 25, 2023 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| CVE-2023-20872 | | | 0.00 | — | 0.01 | | Apr 25, 2023 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. |
| CVE-2023-20871 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. |
| CVE-2023-20870 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| CVE-2022-31705 | | | 0.00 | — | 0.02 | | Dec 14, 2022 | VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running… |