CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6965 – VMware Security Advisory 2018-0016
https://notcve.org/view.php?id=CVE-2018-6965
29 Jun 2018 — VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967. VMware ESXi (versiones 6.7 anteriores a ESXi670-201806401-BG), Workstation (versiones 14.x an... • http://www.securityfocus.com/bid/104709 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6966 – VMware Security Advisory 2018-0016
https://notcve.org/view.php?id=CVE-2018-6966
29 Jun 2018 — VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. VMware ESXi (versiones 6.7, anteriores a ESXi670-201806401-BG), Workstation (versiones 14.x, ... • http://www.securityfocus.com/bid/104709 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6967 – VMware Security Advisory 2018-0016
https://notcve.org/view.php?id=CVE-2018-6967
29 Jun 2018 — VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966. VMware ESXi (versiones 6.7 anteriores a ESXi670-201806401-BG), Workstation (versiones 14.x an... • http://www.securityfocus.com/bid/104709 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2017-4952
https://notcve.org/view.php?id=CVE-2017-4952
02 May 2018 — VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. VMware Xenon en versiones 1.x anteriores a la 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1 y 1.5.4_8, contiene una vulnerabilidad de om... • https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-4928
https://notcve.org/view.php?id=CVE-2017-4928
17 Nov 2017 — An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. vSphere Web Client basado en flash(en versiones 6.0 anteriores a la 6.0 U3c y versiones 5.5 anteriores a la 5.5 U3f), es decir, no el nuevo vSphere Client basado en HTML5, contiene problemas de inyección SSRF y CRLF debido a una neutralización incorrecta de URL. • http://www.securityfocus.com/bid/101785 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2017-4929
https://notcve.org/view.php?id=CVE-2017-4929
17 Nov 2017 — VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. VMware NSX Edge (en versioens 6.2.x anteriores a la 6.2.9 y versiones 6.3.x anteriroes a la 6.3.5) contiene un error de Cross-Site Scripting (XSS) moderado que puede dar lugar a una revelación de información. • http://www.securityfocus.com/bid/101891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4922
https://notcve.org/view.php?id=CVE-2017-4922
01 Aug 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. ... VMware vCenter Server en su versión 6.5 anterior a la 6.5 U1 tiene un problema de fuga de información puesto que el script de inicio del servicio utiliza directorios modificables por cualquier usuario para almacenar temporalmente información crítica. • http://www.securityfocus.com/bid/100012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4923
https://notcve.org/view.php?id=CVE-2017-4923
01 Aug 2017 — VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. ... VMware vCenter Server en su versión 6.5 anterior a la 6.5 U1 contiene una vulnerabilidad de fuga de información. • http://www.securityfocus.com/bid/99997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 2%CPEs: 18EXPL: 1CVE-2017-4905 – VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-4905
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin ... • https://www.exploit-db.com/exploits/47715 • CWE-908: Use of Uninitialized Resource •