CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2017-4941
https://notcve.org/view.php?id=CVE-2017-4941
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.0 anteriores a ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de pila mediante una serie específica de paquetes VNC. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-4939
https://notcve.org/view.php?id=CVE-2017-4939
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. El instalador de VMware Workstation (en versiones 12.x anteriores a la 12.5.8) contiene un error de secuestro de DLL que existe debido a que la aplicación carga algunos archivos DLL de manera incorrecta. Este error puede permitir que un atacante cargue un archivo DLL elegido por él que podría ejecutar código arbitrario. • http://www.securityfocus.com/bid/101890 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-426: Untrusted Search Path •
CVE-2017-4937
https://notcve.org/view.php?id=CVE-2017-4937
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. • http://www.securityfocus.com/bid/101892 http://www.securitytracker.com/id/1039835 http://www.securitytracker.com/id/1039836 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-125: Out-of-bounds Read •
CVE-2017-4935 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4935
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. • http://www.securityfocus.com/bid/101902 http://www.securitytracker.com/id/1039835 http://www.securitytracker.com/id/1039836 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-787: Out-of-bounds Write •