Page 2 of 122 results (0.002 seconds)

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-20870 – VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2023-20870

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UHCI component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor. • https://www.vmware.com/security/advisories/VMSA-2023-0008.html • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2023-20872

https://notcve.org/view.php?id=CVE-2023-20872

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. • https://github.com/ze0r/vmware-escape-CVE-2023-20872-poc https://www.vmware.com/security/advisories/VMSA-2023-0008.html • CWE-787: Out-of-bounds Write •

CVSS: 8.2EPSS: 0%CPEs: 22EXPL: 0

CVE-2022-31705

https://notcve.org/view.php?id=CVE-2022-31705

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de escritura fuera de los límites en el controlador USB 2.0 (EHCI). Un actor malintencionado con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host. • https://www.vmware.com/security/advisories/VMSA-2022-0033.html • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-22043

https://notcve.org/view.php?id=CVE-2021-22043

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. VMware ESXi contiene una vulnerabilidad TOCTOU (Time-of-check Time-of-use) que se presenta en la forma de manejar los archivos temporales. Un actor malicioso con acceso a settingsd, puede explotar este problema para escalar sus privilegios al escribir archivos arbitrarios • https://www.vmware.com/security/advisories/VMSA-2022-0004.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.7EPSS: 0%CPEs: 171EXPL: 0

CVE-2021-22041

https://notcve.org/view.php?id=CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de doble búsqueda en el controlador USB UHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar código como el proceso VMX de la máquina virtual que es ejecutada en el host • https://www.vmware.com/security/advisories/VMSA-2022-0004.html •