English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

VMware Fusion 11.5.3

CPE Details

VMware Fusion 11.5.3
vmware
fusion
11.5.3
2020-06-01 15:58 +00:00
2020-06-01 15:58 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:vmware:fusion:11.5.3:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

fusion

Version

11.5.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-3960 2021-09-15 10:14 +00:00 VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
8.4
HIGH
CVE-2020-3999 2020-12-21 14:14 +00:00 VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
6.5
MEDIUM
CVE-2020-4004 2020-11-20 18:06 +00:00 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
8.2
HIGH
CVE-2020-3982 2020-10-20 14:09 +00:00 VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
7.7
HIGH
CVE-2020-3981 2020-10-20 14:08 +00:00 VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
5.8
MEDIUM
CVE-2020-3980 2020-09-16 14:13 +00:00 VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
6.7
MEDIUM
CVE-2020-3974 2020-07-10 11:14 +00:00 VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.
7.8
HIGH
CVE-2020-3968 2020-06-25 12:43 +00:00 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
8.2
HIGH
CVE-2020-3967 2020-06-25 12:39 +00:00 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
7.5
HIGH
CVE-2020-3970 2020-06-25 12:37 +00:00 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
3.8
LOW
CVE-2020-3962 2020-06-24 14:01 +00:00 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
8.2
HIGH
CVE-2020-3969 2020-06-24 14:00 +00:00 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
7.8
HIGH
CVE-2020-3957 2020-05-29 17:37 +00:00 VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
7
HIGH

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.