CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2017-4899
https://notcve.org/view.php?id=CVE-2017-4899
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de seguridad que se presenta en el controlador SVGA. Un atacante puede explotar este problema para bloquear la máquina virtual o activar una lectura fuera de límite. • http://www.securityfocus.com/bid/96771 http://www.securitytracker.com/id/1037979 http://www.vmware.com/security/advisories/VMSA-2017-0003.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-4900
https://notcve.org/view.php?id=CVE-2017-4900
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware Workstation Pro/Player 12.x anterior a 12.5.3 contiene una vulnerabilidad de puntero NULL que existe en el driver SVGA. Una explotación satisfactoria de este problema permitirá a los atacantes con privilegios de usuario normal hacer caer la aplicación. • http://www.securityfocus.com/bid/96770 http://www.securitytracker.com/id/1037979 http://www.vmware.com/security/advisories/VMSA-2017-0003.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2017-4915 – VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-4915
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. Workstation Pro/Player de VMware, contiene una vulnerabilidad de carga de biblioteca no segura por medio de los archivos de configuración del controlador de sonido ALSA. La explotación con éxito de este problema puede permitir a los usuarios del host sin privilegios escalar sus privilegios a root en una máquina host de Linux. • https://www.exploit-db.com/exploits/42045 https://www.exploit-db.com/exploits/47171 http://www.securityfocus.com/bid/98566 http://www.securitytracker.com/id/1038525 https://www.vmware.com/security/advisories/VMSA-2017-0009.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-4916 – VMware Workstation 12 Pro - Denial of Service
https://notcve.org/view.php?id=CVE-2017-4916
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. Workstation Pro/Player de VMware, contiene una vulnerabilidad de desreferencia de un puntero NULL que se presenta en el controlador vstor2. La explotación con éxito de este problema puede permitir a los usuarios del host con privilegios de usuario normal desencadenar una denegación de servicio en una máquina host de Windows. VMware Workstation version 12 Pro suffers from a null pointer dereference in the vstor2 driver. • https://www.exploit-db.com/exploits/42140 http://www.securityfocus.com/bid/98560 http://www.securitytracker.com/id/1038526 https://www.vmware.com/security/advisories/VMSA-2017-0009.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97163 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •