Page 5 of 49 results (0.019 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. Linux Guest VMs ejecutado en VMware Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5.2), contienen una vulnerabilidad de escalada de privilegios locales debido a permisos de archivo inapropiados en Cortado Thinprint. Los atacantes locales con acceso no administrativo a una Máquina Virtual invitada de Linux con impresión virtual habilitada pueden explotar este problema para elevar sus privilegios para rootear en la misma máquina virtual invitada. This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. • https://www.vmware.com/security/advisories/VMSA-2020-0004.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. VMware Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5.2), contienen una vulnerabilidad de uso previo en vmnetdhcp. Una explotación con éxito de este problema puede conllevar a una ejecución de código en el host del invitado o puede permitir a atacantes crear una condición de denegación de servicio del servicio vmnetdhcp que se ejecuta sobre la máquina host. This vulnerability allows local attackers to execute arbitrary code on affected installations of VMware Workstation. • https://www.vmware.com/security/advisories/VMSA-2020-0004.html • CWE-416: Use After Free •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de confusión de tipos explotable en el controlador AMD ATIDXX64.DLL, versiones 26.20.13031.10003, 26.20.13031.15006 y 26.20.13031.18002. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de lectura fuera de límites explotable en el controlador AMD ATIDXX64.DLL, versión 26.20.13025.10004. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0937 • CWE-125: Out-of-bounds Read •

CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de lectura fuera de límites explotable en el controlador AMD ATIDXX64.DLL, versión 26.20.13003.1007. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0936 • CWE-125: Out-of-bounds Read •