CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31693 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting <= 1.5.68 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-31693
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. El complemento 10Web Photo Gallery hasta la versión 1.5.68 para WordPress permite Cross Site Scripting (XSS) a través de album_gallery_id_0, bwg_album_search_0 y type_0 para bwg_frontend_data. NOTA: otros parámetros están cubiertos por CVE-2021-24291, CVE-2021-25041 y CVE-2021-46889. NOTA: La información de VMware, previamente conectada a este ID de CVE debido a un error tipográfico, se encuentra en CVE-2022-31693. The Photo Gallery by 10Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'album_gallery_id_0', 'bwg_album_search_0', and 'type_0' parameters in versions up to, and including, 1.5.68 due to insufficient input sanitization and output escaping. • https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3972
https://notcve.org/view.php?id=CVE-2020-3972
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. VMware Tools para macOS (versiones 11.x.x y versiones anteriores a 11.1.1), contiene una vulnerabilidad de denegación de servicio en la implementación del Host-Guest File System (HGFS). Una explotación con éxito de este problema puede permitir a los atacantes, con privilegios que no sean de administrador en máquinas virtuales macOS invitadas, crear una condición de denegación de servicio en sus propias máquinas virtuales • https://www.vmware.com/security/advisories/VMSA-2020-0014.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3941
https://notcve.org/view.php?id=CVE-2020-3941
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. La operación de reparación de VMware Tools para Windows versiones 10.x.y, tiene una condición de carrera que puede permitir una escalada de privilegios en la máquina virtual donde está instalado Tools. Esta vulnerabilidad no está presente en VMware Tools versiones 11.x.y ya que la funcionalidad afectada no está presente en VMware Tools versión 11. • https://www.vmware.com/security/advisories/VMSA-2020-0002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5522
https://notcve.org/view.php?id=CVE-2019-5522
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine. La actualización de VMware Tools para Windows corrige una vulnerabilidad de lectura fuera de límites en el controlador vm3dmp, que se instala con vmtools en máquinas invitadas de Windows. Este problema está presente en las versiones 10.2. x y 10.3. x antes de 10.3.10. • http://www.securityfocus.com/bid/108673 https://www.vmware.com/security/advisories/VMSA-2019-0009.html • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6969
https://notcve.org/view.php?id=CVE-2018-6969
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled. VMware Tools ( versiones 10.x y anteriores antes de la 10.3.0) contiene una vulnerabilidad de lectura fuera de límites en HGFS. La explotación exitosa de este problema podría conducir a una divulgación de información o podría permitir que los atacantes escalen sus privilegios en las máquinas virtuales invitadas. • http://www.securityfocus.com/bid/104737 http://www.securitytracker.com/id/1041291 https://www.vmware.com/security/advisories/VMSA-2018-0017.html • CWE-125: Out-of-bounds Read •