VYPR

Fusion

by VMware

CVEs (134)

  • CVE-2025-60424Oct 27, 2025
    risk 0.00cvss epss 0.01

    A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

  • CVE-2025-60425Oct 27, 2025
    risk 0.00cvss epss 0.01

    Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

  • CVE-2024-38811Sep 3, 2024
    risk 0.00cvss epss 0.00

    VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

  • CVE-2024-22273May 21, 2024
    risk 0.00cvss epss 0.00

    The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the…

  • CVE-2024-22270May 14, 2024
    risk 0.00cvss epss 0.01

    VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor…

  • CVE-2024-22269May 14, 2024
    risk 0.00cvss epss 0.01

    VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

  • CVE-2024-22268May 14, 2024
    risk 0.00cvss epss 0.01

    VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service…

  • CVE-2024-22267May 14, 2024
    risk 0.00cvss epss 0.01

    VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

  • CVE-2024-22255Mar 5, 2024
    risk 0.00cvss epss 0.02

    VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.  

  • CVE-2024-22253Mar 5, 2024
    risk 0.00cvss epss 0.01

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.…

  • CVE-2024-22252Mar 5, 2024
    risk 0.00cvss epss 0.04

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.…

  • CVE-2024-22251Feb 27, 2024
    risk 0.00cvss epss 0.00

    VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

  • CVE-2023-34045Oct 20, 2023
    risk 0.00cvss epss 0.00

    VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with…

  • CVE-2023-34046Oct 20, 2023
    risk 0.00cvss epss 0.00

    VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious…

  • CVE-2023-34044Oct 20, 2023
    risk 0.00cvss epss 0.00

    VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual…

  • CVE-2023-20869Apr 25, 2023
    risk 0.00cvss epss 0.02

    VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  • CVE-2023-20872Apr 25, 2023
    risk 0.00cvss epss 0.01

    VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

  • CVE-2023-20871Apr 25, 2023
    risk 0.00cvss epss 0.00

    VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

  • CVE-2023-20870Apr 25, 2023
    risk 0.00cvss epss 0.00

    VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  • CVE-2022-31705Dec 14, 2022
    risk 0.00cvss epss 0.02

    VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running…

Page 3 of 7