CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-4904 – VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4904
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. El controlador XHCI en ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, y 5.5 sin parche ESXi550 -201703401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede permitir a un invitado ejecutar código en el host. • http://www.securityfocus.com/bid/97165 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-4905 – VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-4905
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, 5.5 sin parche ESXi550-201701401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede conducir a un filtrado de información. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. • https://www.exploit-db.com/exploits/47715 http://www.securityfocus.com/bid/97164 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7461
https://notcve.org/view.php?id=CVE-2016-7461
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. La función de arrastrar y soltar (también conocida como DnD) en VMware Workstation Pro 12.x en versiones anteriores a 12.5.2 y VMware Workstation Player 12.x en versiones anteriores a 12.5.2 y VMware Fusion y Fusion Pro 8.x en versiones anteriores a 8.5.2 permite a usuarios invitados de SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (acceso a memoria fuera de límites en el SO anfitrión) a través de vectores no especificados. • http://www.securityfocus.com/bid/94280 http://www.securitytracker.com/id/1037282 http://www.vmware.com/security/advisories/VMSA-2016-0019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5329
https://notcve.org/view.php?id=CVE-2016-5329
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. VMware Fusion 8.x en versiones anteriores a 8.5 en OS X, cuando System Integrity Protection (SIP) está habilitado, permite a usuarios locales determinar las direcciones de memoria del kernel y eludir el mecanismo de protección kASLR a través de vectores no especificados. • http://www.securityfocus.com/bid/93888 http://www.securitytracker.com/id/1037103 http://www.vmware.com/security/advisories/VMSA-2016-0017.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 3CVE-2016-5330 – DLL Side Loading Vulnerability in VMware Host Guest Client Redirector
https://notcve.org/view.php?id=CVE-2016-5330
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 hasta la versión 6.0, VMware Workstation Pro 12.1.x en versiones anteriores a 12.1.1, VMware Workstation Player 12.1.x en versiones anteriores a 12.1.1 y VMware Fusion 8.1.x en versiones anteriores a 8.1.1 permite a usuarios locales obtener privilegios a través de una libreria troyanizada o fichero DLL troyanizado en el directorio de trabajo actual • https://www.exploit-db.com/exploits/41711 http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload http://www.securityfocus.com/archive/1/539131/100/0/threaded http://www.securityfocus.com/bid/92323 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.securitytracker.com/id/1036619 http://www.vmware.com/security/advisories/VMSA-2016-0010.html https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_ • CWE-426: Untrusted Search Path •