CVSS: 8.2EPSS: 0%CPEs: 22EXPL: 1CVE-2022-31705
https://notcve.org/view.php?id=CVE-2022-31705
14 Dec 2022 — VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusio... • https://github.com/s0duku/cve-2022-31705 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22043
https://notcve.org/view.php?id=CVE-2021-22043
16 Feb 2022 — VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. VMware ESXi contiene una vulnerabilidad TOCTOU (Time-of-check Time-of-use) que se presenta en la forma de manejar los archivos temporales. Un actor malicioso con acceso a settingsd, puede explotar este problema para escalar sus privilegios al escribir archivos arb... • https://www.vmware.com/security/advisories/VMSA-2022-0004.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 171EXPL: 0CVE-2021-22041
https://notcve.org/view.php?id=CVE-2021-22041
16 Feb 2022 — VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de doble búsqueda en el controlador USB UHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar c... • https://www.vmware.com/security/advisories/VMSA-2022-0004.html •
CVSS: 6.7EPSS: 0%CPEs: 173EXPL: 0CVE-2021-22040
https://notcve.org/view.php?id=CVE-2021-22040
16 Feb 2022 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de uso de memoria previamente liberada en el controlador USB XHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede aprovechar este p... • https://www.vmware.com/security/advisories/VMSA-2022-0004.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 218EXPL: 0CVE-2021-22045 – VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22045
04 Jan 2022 — VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. VMware ESXi (versiones 7.0, 6.7 anteriores a ESXi670-202111101-SG y 6.5 anteriores a ESXi... • http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 184EXPL: 0CVE-2020-4004
https://notcve.org/view.php?id=CVE-2020-4004
20 Nov 2020 — VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-2020... • https://www.vmware.com/security/advisories/VMSA-2020-0026.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-6933
https://notcve.org/view.php?id=CVE-2015-6933
09 Jan 2016 — The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. La implementación VMware Tools HGFS (también conocida como Shared Folders) en VMware Workstation 11.x en versiones anteriores a 11.1.2, VMware Player 7.x en versiones a... • http://www.securitytracker.com/id/1034603 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2336 – VMware Security Advisory 2015-0004
https://notcve.org/view.php?id=CVE-2015-2336
09 Jun 2015 — TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897. TPView.dll en VMware Workstation 10.x anterior a 10.0.6 y 11.x anterior a 11.1.1, VMware Player 6.x anterior a 6... • http://www.securityfocus.com/bid/75095 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2337 – VMware Security Advisory 2015-0004
https://notcve.org/view.php?id=CVE-2015-2337
09 Jun 2015 — TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. TPInt.dll en VMware Workstation 10.x anterior a 10.0.6 y 11.x anterior a 11.1.1, VMware Player 6.x anterior a 6.0.6 y 7.x anterior a 7.1.1, y VMware Horizon Cl... • http://www.securityfocus.com/bid/75095 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2338 – VMware Security Advisory 2015-0004
https://notcve.org/view.php?id=CVE-2015-2338
09 Jun 2015 — TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339. TPview.dll en VMware Workstation 10.x anterior a 10.0.6 y 11.x anterior a 11.1.1, VMware Player 6.x anterior a 6.0.6... • http://www.securityfocus.com/bid/75092 • CWE-399: Resource Management Errors •