CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 7%CPEs: 35EXPL: 0CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
20 Dec 2017 — VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .v... • http://www.securitytracker.com/id/1040024 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 120EXPL: 0CVE-2017-4940
https://notcve.org/view.php?id=CVE-2017-4940
20 Dec 2017 — The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. El ESXi Host Client en VMware ESXi (6.5 anteriores a la ESXi650-201712103-SG, 5.5 anteriores a la ESXi600-201711103-SG y 5.5 anteriores a la ESXi550-201709102-S... • http://www.securitytracker.com/id/1040024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 89EXPL: 0CVE-2017-4941
https://notcve.org/view.php?id=CVE-2017-4941
20 Dec 2017 — VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx... • http://www.securitytracker.com/id/1040024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 189EXPL: 16CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
20 Nov 2017 — In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista d... • https://packetstorm.news/files/id/167552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0CVE-2017-4925
https://notcve.org/view.php?id=CVE-2017-4925
15 Sep 2017 — VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi 6.5 sin el parche ESXi650-201707101-SG, ESXi 6.0 sin el parche ESXi600-201706101-SG, ESXi ... • http://www.securityfocus.com/bid/100842 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-4924 – VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4924
15 Sep 2017 — VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (ESXi 6.5 sin el parche ESXi650-201707101-SG), Workstation (en versiones 12.x anteriores a la 12.5.7) y Fusion (en versiones 8.x anteriores a la 8.5.8) contienen una vulnerabilidad de escritura fuera de límites en un dispositivo SVGA. Este problema podría per... • http://www.securityfocus.com/bid/100843 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-... • http://www.securityfocus.com/bid/97163 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 89EXPL: 0CVE-2017-4903 – VMware Workstation SVGA Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4903
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. ESXi versiones 6.5 sin el parche ESXi650-201703410-SG, 6.0 U3 sin el parche ESXi600-20170... • http://www.securityfocus.com/bid/97160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-4904 – VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4904
30 Mar 2017 — The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. El controlador... • http://www.securityfocus.com/bid/97165 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •