25 results (0.015 seconds)

CVSS: 8.2EPSS: 0%CPEs: 22EXPL: 0

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de escritura fuera de los límites en el controlador USB 2.0 (EHCI). Un actor malintencionado con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host. • https://www.vmware.com/security/advisories/VMSA-2022-0033.html • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 0

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegación de servicio (DoS) que se puede desencadenar al abrir un número excesivo de sesiones VNC. Nota: Para que su explotación sea posible en Workstation y Fusion, se debe habilitar VNC manualmente. • http://www.securityfocus.com/bid/103431 http://www.securitytracker.com/id/1040539 https://www.vmware.com/security/advisories/VMSA-2018-0008.html • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. VMware Workstation y Fusion contienen una vulnerabilidad de uso de memoria previamente liberada en el servicio VMware NAT cuando el modo IPv6 está habilitado. Este problema puede permitir que un invitado ejecute código en el host. • http://www.securityfocus.com/bid/102489 http://www.securitytracker.com/id/1040161 https://www.vmware.com/security/advisories/VMSA-2018-0005.html • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. VMware Workstation y Fusion contienen una vulnerabilidad de desbordamiento de enteros en el servicio VMware NAT cuando el modo IPv6 está habilitado. Este problema podría conducir a una lectura fuera de límites, que podrá utilizarse para ejecutar código en el host en combinación con otros problemas. • http://www.securityfocus.com/bid/102490 http://www.securitytracker.com/id/1040161 https://www.vmware.com/security/advisories/VMSA-2018-0005.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 37EXPL: 0

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. VMware Workstation (14.x y 12.x) y Fusion (10.x y 8.x) contienen una vulnerabilidad de control de acceso invitado. • http://www.securityfocus.com/bid/102441 http://www.securitytracker.com/id/1040109 http://www.securitytracker.com/id/1040136 https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html •