CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-4905 – VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-4905
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, 5.5 sin parche ESXi550-201701401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede conducir a un filtrado de información. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. • https://www.exploit-db.com/exploits/47715 http://www.securityfocus.com/bid/97164 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-908: Use of Uninitialized Resource •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7463
https://notcve.org/view.php?id=CVE-2016-7463
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. Vulnerabilidad de XSS en el Host Client en VMware vSphere Hypervisor (también conocido como ESXi) 5.5 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una VM manipulada. • http://www.securityfocus.com/bid/94998 http://www.securitytracker.com/id/1037501 http://www.vmware.com/security/advisories/VMSA-2016-0023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 3CVE-2016-5330 – DLL Side Loading Vulnerability in VMware Host Guest Client Redirector
https://notcve.org/view.php?id=CVE-2016-5330
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 hasta la versión 6.0, VMware Workstation Pro 12.1.x en versiones anteriores a 12.1.1, VMware Workstation Player 12.1.x en versiones anteriores a 12.1.1 y VMware Fusion 8.1.x en versiones anteriores a 8.1.1 permite a usuarios locales obtener privilegios a través de una libreria troyanizada o fichero DLL troyanizado en el directorio de trabajo actual • https://www.exploit-db.com/exploits/41711 http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload http://www.securityfocus.com/archive/1/539131/100/0/threaded http://www.securityfocus.com/bid/92323 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.securitytracker.com/id/1036619 http://www.vmware.com/security/advisories/VMSA-2016-0010.html https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_ • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5331 – VMware vSphere Hypervisor (ESXi) HTTP Response Injection
https://notcve.org/view.php?id=CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados. The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. • http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://seclists.org/fulldisclosure/2016/Aug/38 http://www.securityfocus.com/archive/1/539128/100/0/threaded http://www.securityfocus.com/bid/92324 http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.vmware.com/security/advisories/VMSA-2016-0010.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-6933
https://notcve.org/view.php?id=CVE-2015-6933
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. La implementación VMware Tools HGFS (también conocida como Shared Folders) en VMware Workstation 11.x en versiones anteriores a 11.1.2, VMware Player 7.x en versiones anteriores a 7.1.2, VMware Fusion 7.x en versiones anteriores a 7.1.2 y VMware ESXi 5.0 hasta la versión 6.0 permite a usuarios de SO invitado de Windows obtener privilegios de SO invitado o provocar una denegación de servicio (corrupción de memoria del kernel del SO invitado) a través de vectores no especificados. • http://www.securitytracker.com/id/1034603 http://www.securitytracker.com/id/1034604 http://www.vmware.com/security/advisories/VMSA-2016-0001.html • CWE-284: Improper Access Control •