CVSS: 8.8EPSS: 9%CPEs: 170EXPL: 1CVE-2018-6981 – VMware Security Advisory 2018-0027
https://notcve.org/view.php?id=CVE-2018-6981
09 Nov 2018 — VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. VMware ESXi 6.7 sin ESXi670-201811401-BG y VMware ESXi 6.5 sin ESXi650-201811301-BG, VMware ESXi 6.0 sin ESXi600-201811401-BG, VMwa... • https://github.com/LxKxC/vmxnet3Hunter • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 126EXPL: 0CVE-2018-6974 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6974
16 Oct 2018 — VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (versiones 6.7 anteriores a ESXi670-201810101-SG, versiones 6.5 anteriores a ESXi650-201808401-BG, y versiones 6.0 anteriores a ESXi600-201808401-BG), Workstation (versiones 14.x anteriores a la 14.1.... • http://www.securityfocus.com/bid/105660 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6977 – VMware Security Advisory 2018-0025
https://notcve.org/view.php?id=CVE-2018-6977
09 Oct 2018 — VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x y 14.x) y Fusion (11.x y 10.x) contienen una vulnerabilidad de ... • http://www.securityfocus.com/bid/105549 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 2%CPEs: 125EXPL: 0CVE-2018-6972 – VMware Workstation SetGuestInfo Null Pointer Dereference Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-6972
20 Jul 2018 — VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi (versiones 6.7 anteriores a ESXi670-201806401-BG, versiones 6.5 anteriores a ESXi65... • http://www.securityfocus.com/bid/104884 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 7%CPEs: 35EXPL: 0CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
20 Dec 2017 — VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .v... • http://www.securitytracker.com/id/1040024 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0CVE-2017-4925
https://notcve.org/view.php?id=CVE-2017-4925
15 Sep 2017 — VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi 6.5 sin el parche ESXi650-201707101-SG, ESXi 6.0 sin el parche ESXi600-201706101-SG, ESXi ... • http://www.securityfocus.com/bid/100842 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-4924 – VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4924
15 Sep 2017 — VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (ESXi 6.5 sin el parche ESXi650-201707101-SG), Workstation (en versiones 12.x anteriores a la 12.5.7) y Fusion (en versiones 8.x anteriores a la 8.5.8) contienen una vulnerabilidad de escritura fuera de límites en un dispositivo SVGA. Este problema podría per... • http://www.securityfocus.com/bid/100843 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-... • http://www.securityfocus.com/bid/97163 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 89EXPL: 0CVE-2017-4903 – VMware Workstation SVGA Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4903
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. ESXi versiones 6.5 sin el parche ESXi650-201703410-SG, 6.0 U3 sin el parche ESXi600-20170... • http://www.securityfocus.com/bid/97160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •