CVE-2020-3955
https://notcve.org/view.php?id=CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. ESXi versión 6.5 sin el parche ESXi650-201912104-SG y ESXi versión 6.7 sin el parche ESXi670-202004103-SG, no neutralizan apropiadamente el HTML relacionado con scripts cuando se visualizan los atributos de las máquinas virtuales. VMware ha evaluado la gravedad de este problema en el rango de gravedad Importante con una puntuación base CVSSv3 máxima de 8,3. • https://www.vmware.com/security/advisories/VMSA-2020-0008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-5544 – VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. OpenSLP, como es usado en ESXi y los dispositivos Horizon DaaS, presenta un problema de sobrescritura de la pila. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Crítica con una puntuación base máxima CVSSv3 de 9.8. A heap overflow vulnerability was found in OpenSLP. • http://www.openwall.com/lists/oss-security/2019/12/10/2 http://www.openwall.com/lists/oss-security/2019/12/11/2 http://www.vmware.com/security/advisories/VMSA-2019-0022.html https://access.redhat.com/errata/RHSA-2019:4240 https://access.redhat.com/errata/RHSA-2020:0199 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQU • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-5536
https://notcve.org/view.php?id=CVE-2019-5536
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. VMware ESXi (versión 6.7 anterior a ESXi670-201908101-SG y versión 6.5 anterior a ESXi650-201910401-SG), Workstation (versiones 15.x anteriores a la versión 15.5.0) y Fusion (versiones 11.x anteriores a la versión 11.5.0), contienen una vulnerabilidad de denegación de servicio en la funcionalidad shader. • https://www.vmware.com/security/advisories/VMSA-2019-0019.html •
CVE-2019-5521
https://notcve.org/view.php?id=CVE-2019-5521
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. VMware ESXi (versión 6.7 anterior a ESXi670-201904101-SG y versión 6.5 anterior a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y versiones 14.x anteriores a 14.1.6) y Fusion (versiones 11.x anteriores a 11.0.3 y versiones 10.x anterior a 10.1.6), contienen una vulnerabilidad de lectura fuera de límites en la funcionalidad pixel shader. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757 https://www.vmware.com/security/advisories/VMSA-2019-0012.html • CWE-125: Out-of-bounds Read •
CVE-2019-5527
https://notcve.org/view.php?id=CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. ESXi, Workstation, Fusion, VMRC y Horizon Client contienen una vulnerabilidad uso de la memoria previamente liberada en el dispositivo de sonido virtual. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Importante con un puntaje base CVSSv3 máximo de 8.5. • https://www.vmware.com/security/advisories/VMSA-2019-0014.html • CWE-416: Use After Free •