Page 2 of 15 results (0.004 seconds)

CVSS: 8.8EPSS: 2%CPEs: 89EXPL: 0

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.0 anteriores a ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de pila mediante una serie específica de paquetes VNC. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 15%CPEs: 35EXPL: 0

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el dispositivo VMNAT. Este problema puede permitir que un invitado ejecute código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/101903 http://www.securitytracker.com/id/1039835 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desreferencia de puntero NULL en una llamada de un usuario invitado. Una explotación exitosa de este error puede permitir que atacantes con privilegios de usuario normal cierren de forma inesperada sus máquinas virtuales. • http://www.securityfocus.com/bid/101887 http://www.securitytracker.com/id/1039835 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (ESXi 6.5 sin el parche ESXi650-201707101-SG), Workstation (en versiones 12.x anteriores a la 12.5.7) y Fusion (en versiones 8.x anteriores a la 8.5.8) contienen una vulnerabilidad de escritura fuera de límites en un dispositivo SVGA. Este problema podría permitir que un invitado ejecute código en el host. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/100843 http://www.securitytracker.com/id/1039365 http://www.securitytracker.com/id/1039366 https://0patch.blogspot.com/2017/10/micropatching-hypervisor-with-running.html https://www.vmware.com/security/advisories/VMSA-2017-0015.html • CWE-787: Out-of-bounds Write •