Horizon VMware Horizon

Do you want an email whenever new security vulnerabilities are reported in VMware Horizon?

By the Year

In 2022 there have been 1 vulnerability in VMware Horizon with an average score of 6.5 out of ten. Horizon did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 1 6.50
2021 0 0.00
2020 1 5.40
2019 1 8.80
2018 0 0.00

It may take a day or so for new Horizon vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Horizon Security Vulnerabilities

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component

CVE-2022-22938 6.5 - Medium - January 28, 2022

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability

CVE-2020-3997 5.4 - Medium - October 23, 2020

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

XSS

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device

CVE-2019-5527 8.8 - High - October 10, 2019

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Esxi or by VMware? Click the Watch button to subscribe.

VMware
Vendor

subscribe