CVSS: 8.8EPSS: 7%CPEs: 35EXPL: 0CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
20 Dec 2017 — VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .v... • http://www.securitytracker.com/id/1040024 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 5%CPEs: 89EXPL: 0CVE-2017-4941
https://notcve.org/view.php?id=CVE-2017-4941
20 Dec 2017 — VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx... • http://www.securitytracker.com/id/1040024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4939
https://notcve.org/view.php?id=CVE-2017-4939
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. El instalador de VMware Workstation (en versiones 12.x anteriores a la 12.5.8) contiene un error de secuestro de DLL que existe debido a que la aplicación carga algunos archivos DLL de manera incorrecta. Este error puede permitir que un atacante... • http://www.securityfocus.com/bid/101890 • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2017-4934 – VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4934
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el dispositivo VMNAT. Este problema puede permitir que un invitado ejecute código en el host. This vulnerability allo... • http://www.securityfocus.com/bid/101903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4935 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4935
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtua... • http://www.securityfocus.com/bid/101902 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4936
https://notcve.org/view.php?id=CVE-2017-4936
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. VMware Workstation (en versiones 12.x an... • http://www.securityfocus.com/bid/101892 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4937
https://notcve.org/view.php?id=CVE-2017-4937
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual... • http://www.securityfocus.com/bid/101892 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2017-4938
https://notcve.org/view.php?id=CVE-2017-4938
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desreferencia de puntero NULL en una llamada de un usuario invitado. Una explotación exitosa de este error puede permitir que atacan... • http://www.securityfocus.com/bid/101887 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0CVE-2017-4925
https://notcve.org/view.php?id=CVE-2017-4925
15 Sep 2017 — VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi 6.5 sin el parche ESXi650-201707101-SG, ESXi 6.0 sin el parche ESXi600-201706101-SG, ESXi ... • http://www.securityfocus.com/bid/100842 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-4924 – VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4924
15 Sep 2017 — VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (ESXi 6.5 sin el parche ESXi650-201707101-SG), Workstation (en versiones 12.x anteriores a la 12.5.7) y Fusion (en versiones 8.x anteriores a la 8.5.8) contienen una vulnerabilidad de escritura fuera de límites en un dispositivo SVGA. Este problema podría per... • http://www.securityfocus.com/bid/100843 • CWE-787: Out-of-bounds Write •