CVSS: 8.8EPSS: 2%CPEs: 89EXPL: 0CVE-2017-4941
https://notcve.org/view.php?id=CVE-2017-4941
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.0 anteriores a ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de pila mediante una serie específica de paquetes VNC. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 120EXPL: 0CVE-2017-4940
https://notcve.org/view.php?id=CVE-2017-4940
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. El ESXi Host Client en VMware ESXi (6.5 anteriores a la ESXi650-201712103-SG, 5.5 anteriores a la ESXi600-201711103-SG y 5.5 anteriores a la ESXi550-201709102-SG) contiene una vulnerabilidad que podría contener Cross-Site Scripting (XSS) persistente. Un atacante puede explotar esta vulnerabilidad inyectando código JavaScript que podría ejecutarse cuando otros usuarios acceden a Host Client. • http://www.securitytracker.com/id/1040024 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 15%CPEs: 35EXPL: 0CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-4943
https://notcve.org/view.php?id=CVE-2017-4943
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. VMware vCenter Server Appliance (vCSA) (6.5 anteriores a 6.5 U1d) contiene una vulnerabilidad de escalado de privilegios locales mediante el plugin showlog. La explotación exitosa de esta vulnerabilidad podría resultar en que un usuario poco privilegiado obtenga privilegios a nivel de root en el sistema operativo base de la máquina. • http://www.securitytracker.com/id/1040026 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4942
https://notcve.org/view.php?id=CVE-2017-4942
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. VMware AirWatch Console (AWC) contiene una vulnerabilidad de control de acceso roto. La explotación con éxito de este problema podría desembocar en la revelación de detalles del dispositivo del usuario final a un administrador no autorizado. • http://www.securityfocus.com/bid/102171 http://www.securitytracker.com/id/1040003 https://www.vmware.com/security/advisories/VMSA-2017-0020.html •