CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6983
https://notcve.org/view.php?id=CVE-2018-6983
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. VMware Workstation (versiones 15.x anteriores a la 15.0.2 y versiones 14.x anteriores a la 14.1.5) y Fusion (versiones 11.x anteriores a la 11.0.2 y versiones 10.x anteriores a la 10.1.5) contiene una vulnerabilidad de desbordamiento de enteros en los dispositivos de red virtuales. Este problema podría permitir que un invitado ejecute código en el host. • http://www.securityfocus.com/bid/105986 https://www.vmware.com/security/advisories/VMSA-2018-0030.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 170EXPL: 0CVE-2018-6982
https://notcve.org/view.php?id=CVE-2018-6982
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. VMware ESXi 6.7 sin ESXi670-201811401-BG y VMware ESXi 6.5 sin ESXi650-201811301-BG contiene un uso de memoria de la pila no inicializada en el adaptador de red virtual vmxnet3, lo que podría conducir a una fuga de información del host al invitado. • http://www.securityfocus.com/bid/105882 http://www.securitytracker.com/id/1042055 https://www.vmware.com/security/advisories/VMSA-2018-0027.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 170EXPL: 0CVE-2018-6981
https://notcve.org/view.php?id=CVE-2018-6981
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. VMware ESXi 6.7 sin ESXi670-201811401-BG y VMware ESXi 6.5 sin ESXi650-201811301-BG, VMware ESXi 6.0 sin ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation en versiones 14.1.3 o anteriores, VMware Fusion 11 y VMware Fusion en versiones 10.1.3 o anteriores contiene un uso de memoria de la pila no inicializada en el adaptador de red virtual vmxnet3, lo que podría permitir que un invitado ejecute código en el host. • http://www.securityfocus.com/bid/105881 http://www.securitytracker.com/id/1042054 http://www.securitytracker.com/id/1042055 https://www.vmware.com/security/advisories/VMSA-2018-0027.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 126EXPL: 0CVE-2018-6974 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6974
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (versiones 6.7 anteriores a ESXi670-201810101-SG, versiones 6.5 anteriores a ESXi650-201808401-BG, y versiones 6.0 anteriores a ESXi600-201808401-BG), Workstation (versiones 14.x anteriores a la 14.1.3) y Fusion (versiones 10.x anteriores a la 10.1.3) contienen una vulnerabilidad de lectura fuera de límites en el dispositivo SVGA. Este problema podría permitir que un invitado ejecute código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/105660 http://www.securitytracker.com/id/1041875 http://www.securitytracker.com/id/1041876 https://www.vmware.com/security/advisories/VMSA-2018-0026.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6977
https://notcve.org/view.php?id=CVE-2018-6977
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x y 14.x) y Fusion (11.x y 10.x) contienen una vulnerabilidad de denegación de servicio (DoS) debido a un bucle infinito en un shader de renderizado 3D. Su explotación con éxito podría permitir que un atacante con privilegios de usuario normales en el invitado haga que la máquina virtual deje de responder y, en algunos casos, haga que otras máquinas virtuales en el host o el propio host se vuelvan inoperativos. • http://www.securityfocus.com/bid/105549 http://www.securitytracker.com/id/1041821 http://www.securitytracker.com/id/1041822 https://www.vmware.com/security/advisories/VMSA-2018-0025.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •