CVSS: 5.5EPSS: 2%CPEs: 18EXPL: 1CVE-2017-4905 – VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-4905
30 Mar 2017 — VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703... • https://www.exploit-db.com/exploits/47715 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7463 – VMware Security Advisory 2016-0023
https://notcve.org/view.php?id=CVE-2016-7463
20 Dec 2016 — Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. Vulnerabilidad de XSS en el Host Client en VMware vSphere Hypervisor (también conocido como ESXi) 5.5 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una VM manipulada. VMware ESXi updates address a cross-site scripting issue. 2. Relevant Relea... • http://www.securityfocus.com/bid/94998 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 28%CPEs: 7EXPL: 3CVE-2016-5330 – VMware Host Guest Client Redirector - DLL Side Loading
https://notcve.org/view.php?id=CVE-2016-5330
08 Aug 2016 — Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 ... • https://packetstorm.news/files/id/138289 • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5331 – VMware vSphere Hypervisor (ESXi) HTTP Response Injection
https://notcve.org/view.php?id=CVE-2016-5331
05 Aug 2016 — CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados. The SySS GmbH found out that the web server... • https://packetstorm.news/files/id/138211 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.5EPSS: 1%CPEs: 16EXPL: 0CVE-2015-6933
https://notcve.org/view.php?id=CVE-2015-6933
09 Jan 2016 — The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. La implementación VMware Tools HGFS (también conocida como Shared Folders) en VMware Workstation 11.x en versiones anteriores a 11.1.2, VMware Player 7.x en versiones a... • http://www.securitytracker.com/id/1034603 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0CVE-2014-8370 – VMware Security Advisory 2015-0001
https://notcve.org/view.php?id=CVE-2014-8370
28 Jan 2015 — VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file. VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitrión ganar privilegios del sistema operativo anf... • http://jvn.jp/en/jp/JVN88252465/index.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-1044 – VMware Workstation Authorization Service Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-1044
28 Jan 2015 — vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. vmware-authd (también conocido como el proceso de autorización) en VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permite a atacantes causar una denegación de servicio del sistema operativo anfitrión a través de vectores n... • http://secunia.com/advisories/62551 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-4241
https://notcve.org/view.php?id=CVE-2014-4241
17 Jul 2014 — Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la integridad a través de vectores relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3793 – VMware Security Advisory 2014-0005
https://notcve.org/view.php?id=CVE-2014-3793
31 May 2014 — VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando ... • http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-1207 – VMware Security Advisory 2014-0001
https://notcve.org/view.php?id=CVE-2014-1207
17 Jan 2014 — VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. VMWare ESXi 4.0 hasta 5.1 y ESX 4.0 y 4.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) interceptando y modificando tráfico Network File Copy (NFC). VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues. • http://osvdb.org/102196 •