CVE-2024-22269 – VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22269
14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-22267 – VMware Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-22267
14 May 2024 — VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
CVE-2024-22264 – VMware Avi Load Balancer updates address multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2024-22264
08 May 2024 — VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219
CVE-2024-22254 – Out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-22254
05 Mar 2024 — VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-787: Out-of-bounds Write
CVE-2024-22253 – Use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-22253
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-416: Use After Free
CVE-2024-22252 – Use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-22252
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html
CVE-2024-22250 – Session Hijack Vulnerability in Deprecated EAP Browser Plugin
https://notcve.org/view.php?id=CVE-2024-22250
20 Feb 2024 — A session hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system. • https://www.vmware.com/security/advisories/VMSA-2024-0003.html • CWE-384: Session Fixation
CVE-2024-22245 – Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
https://notcve.org/view.php?id=CVE-2024-22245
20 Feb 2024 — Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). • https://www.vmware.com/security/advisories/VMSA-2024-0003.html • CWE-287: Improper Authentication
CVE-2022-22953
https://notcve.org/view.php?id=CVE-2022-22953
16 Jun 2022 — VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. • https://www.vmware.com/security/advisories/VMSA-2022-0017.html
CVE-2009-0518
https://notcve.org/view.php?id=CVE-2009-0518
06 Apr 2009 — VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. • http://lists.vmware.com/pipermail/security-announce/2009/000054.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor