This page lists publicly disclosed CVE vulnerabilities affecting vmware horizon (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-22964 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | [email protected] | 7.8 | 0.05% | 2022-04-11 | 2024-11-21 |
| CVE-2022-22962 | VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | [email protected] | 7.8 | 0.04% | 2022-04-11 | 2024-11-21 |
| CVE-2022-22938 | VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. | [email protected] | 6.5 | 0.08% | 2022-01-28 | 2024-11-21 |
| CVE-2020-3997 | VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | [email protected] | 5.4 | 0.23% | 2020-10-23 | 2024-11-21 |
| CVE-2019-5527 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | [email protected] | 8.8 | 0.03% | 2019-10-10 | 2024-11-21 |
| CVE-2019-5513 | VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. | [email protected] | 5.3 | 0.72% | 2019-04-09 | 2024-11-21 |