CVE-2020-3976
https://notcve.org/view.php?id=CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
• https://www.vmware.com/security/advisories/VMSA-2020-0018.html
• CWE-400: Uncontrolled Resource Consumption
CVE-2020-3971
https://notcve.org/view.php?id=CVE-2020-3971
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
• https://www.vmware.com/security/advisories/VMSA-2020-0015.html
• CWE-787: Out-of-bounds Write
CVE-2020-3965
https://notcve.org/view.php?id=CVE-2020-3965
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
• http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html
• http://seclists.org/fulldisclosure/2020/Jul/22
• https://www.vmware.com/security/advisories/VMSA-2020-0015.html
• CWE-125: Out-of-bounds Read
CVE-2020-3964
https://notcve.org/view.php?id=CVE-2020-3964
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
• http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html
• http://seclists.org/fulldisclosure/2020/Jul/22
• https://www.vmware.com/security/advisories/VMSA-2020-0015.html
• CWE-908: Use of Uninitialized Resource
CVE-2020-3963
https://notcve.org/view.php?id=CVE-2020-3963
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
• http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html
• http://seclists.org/fulldisclosure/2020/Jul/22
• https://www.vmware.com/security/advisories/VMSA-2020-0015.html
• CWE-416: Use After Free