Page 10 of 122 results (0.008 seconds)

CVSS: 5.9EPSS: 1%CPEs: 120EXPL: 0

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) abordan una vulnerabilidad de fuera de límites. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html https://www.zerodayinitiative.com/advisories/ZDI-19-369 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 120EXPL: 0

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762 https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest. Las actualizaciones de VMware Workstation (en las versiones 15.x anteriores a a la 15.0.3, y las 14.x anteriores a la 14.1.6) y de Fusion (en las versiones 11.x anteriores a a la 11.0.3, y las 10.x anteriores a la 10.1.6) abordan una vulnerabilidad de escritura fuera de límites en los adaptadores de red virtual e1000 y e1000e. La explotación de este problema podría conducir a una ejecución de código en el host desde el invitado, pero es más probable que resulte en una denegación de servicio (DoS) de esta.. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html https://www.securityfocus.com/bid/107634 https://www.vmware.com/security/advisories/VMSA-2019-0005.html https://www.zerodayinitiative.com/advisories/ZDI-19-306 https://www.zerodayinitiative.com/advisories/ZDI-19-516 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. VMware ESXi (en las versiones 6.7 anteriores a la ESXi670-201903001, en las 6.5 anteriores a la ESXi650-201903001 y en las 6.0 anteriores a la ESXi600-201903001), Workstation (en las versiones 15.x anteriores a la 15.0.4 y en las 14.x anteriores a la 14.1.7), Fusion (en las versiones 11.x anteriores a la 11.0.3 y en las 10.x anteriores a la 10.1.6) contiene una vulnerabilidad de time-of-check time-of-use (TOCTOU) en la UHCI virtual (Universal Host Controller Interface) de USB 1.1. La explotación de este fallo requiere que el atacante tenga acceso a una máquina virtual con un controlador USB virtual presente. • http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html http://www.securityfocus.com/bid/107535 http://www.securityfocus.com/bid/108443 https://www.vmware.com/security/advisories/VMSA-2019-0005.html https://www.zerodayinitiative.com/advisories/ZDI-19-420 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host. VMware Workstation (en las versiones 14.x anteriores a la 14.1.6) y Fusion (en las versiones 10.x anteriores a la 10.1.6) contienen una vulnerabilidad de escritura fuera de límites en el adaptador de red virtual e1000. Este problema puede permitir que un invitado ejecute código en el host. • http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html http://www.securityfocus.com/bid/107635 https://www.vmware.com/security/advisories/VMSA-2019-0005.html • CWE-787: Out-of-bounds Write •