CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3987 – VMware Workstation ThinPrint EMR_STRETCHDIBITS Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3987
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versión 15.x) y Horizon Client para Windows (versión 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de límites en el componente Cortado ThinPrint (analizador EMR STRETCHDIBITS). Un actor malicioso con acceso normal a una máquina virtual puede explotar estos problemas para crear una condición de denegación de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde está instalada Workstation o Horizon Client para Windows This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the parsing of EMF files in the ThinPrint component. • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3988 – VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3988
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versión 15.x) y Horizon Client para Windows (versión 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de límites en el componente Cortado ThinPrint (analizador JPEG2000). Un actor malicioso con acceso normal a una máquina virtual puede explotar estos problemas para crear una condición de denegación de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde está instalado Workstation o Horizon Client para Windows This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ThinPrint component. • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 3%CPEs: 30EXPL: 1CVE-2018-5511 – VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-5511
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0 a la 13.1.0.3 o en la versión 13.0.0, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), también llamado utilidad BIG-IP Configuration, podrían no aplicarse las restricciones sobre los comandos permitidos. The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. • https://www.exploit-db.com/exploits/46600 http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html https://support.f5.com/csp/article/K30500703 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 0CVE-2018-6957
https://notcve.org/view.php?id=CVE-2018-6957
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegación de servicio (DoS) que se puede desencadenar al abrir un número excesivo de sesiones VNC. Nota: Para que su explotación sea posible en Workstation y Fusion, se debe habilitar VNC manualmente. • http://www.securityfocus.com/bid/103431 http://www.securitytracker.com/id/1040539 https://www.vmware.com/security/advisories/VMSA-2018-0008.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-4898
https://notcve.org/view.php?id=CVE-2017-4898
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de carga de DLL que ocurre debido al proceso "vmware-vmx" que carga archivos DLL desde una ruta (path) definida en la variable de entorno local. La explotación con éxito de este problema puede permitir a los usuarios normales escalar privilegios al sistema en la máquina host donde está instalada Workstation de VMware. • http://www.securityfocus.com/bid/96772 http://www.securitytracker.com/id/1037979 http://www.vmware.com/security/advisories/VMSA-2017-0003.html •