U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:vmware:workstation:4.0
There are 18 matching records.
Displaying matches 1 through 18.
Vuln ID Summary CVSS Severity
CVE-2014-4200

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

Published: August 28, 2014; 11:14:09 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2014-4199

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

Published: August 28, 2014; 11:14:09 AM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2012-1666

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Published: September 08, 2012; 6:28:20 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2009-1805

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.

Published: June 01, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2009-1244

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.

Published: April 13, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-1147

Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.

Published: April 06, 2009; 11:30:04 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2009-1146

Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.

Published: April 06, 2009; 11:30:04 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-0062

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

Published: September 21, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-1069

The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).

Published: May 02, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1337

The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.

Published: May 02, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1744

Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.

Published: May 02, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2007-1876

VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."

Published: May 02, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1877

VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.

Published: May 02, 2007; 3:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2005-4459

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Published: December 21, 2005; 3:03:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2005-0444

VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.

Published: February 14, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0739

VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.

Published: October 20, 2003; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0631

VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.

Published: August 27, 2003; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2003-0480

VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."

Published: August 07, 2003; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 3.7 LOW