CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6960
https://notcve.org/view.php?id=CVE-2018-6960
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware Horizon DaaS (versiones 7.x anteriores a la 8.0.0) contiene una vulnerabilidad de autenticación rota que podría permitir que un atacante omita la autenticación de doble factor. Nota: para explotar este problema, un atacante debe tener una cuenta legítima en Horizon DaaS. • http://www.securityfocus.com/bid/103938 http://www.securitytracker.com/id/1040731 https://www.vmware.com/security/advisories/VMSA-2018-0010.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-4946
https://notcve.org/view.php?id=CVE-2017-4946
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM. Los agentes de escritorio V4H y V4PA de VMware (6.x en versiones anteriores a la 6.5.1) contienen una vulnerabilidad de escalado de privilegios. La explotación exitosa de esta vulnerabilidad podría resultar en que un usuario de Windows poco privilegiado escale sus privilegios a SYSTEM. • http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946 http://www.securityfocus.com/bid/102441 http://www.securitytracker.com/id/1040136 https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2017-4948
https://notcve.org/view.php?id=CVE-2017-4948
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. • http://www.securityfocus.com/bid/102441 http://www.securitytracker.com/id/1040108 http://www.securitytracker.com/id/1040109 http://www.securitytracker.com/id/1040136 https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4937
https://notcve.org/view.php?id=CVE-2017-4937
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. • http://www.securityfocus.com/bid/101892 http://www.securitytracker.com/id/1039835 http://www.securitytracker.com/id/1039836 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4935 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4935
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. • http://www.securityfocus.com/bid/101902 http://www.securitytracker.com/id/1039835 http://www.securitytracker.com/id/1039836 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-787: Out-of-bounds Write •