CVSS: 7.5EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3967 – VMware Workstation EHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3967
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de desbordamiento de la pila en el controlador USB 2.0 (EHCI). Un actor malicioso con acceso local a una máquina virtual puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-784 • CWE-787: Out-of-bounds Write •
CVSS: 3.8EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3970 – VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3970
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de lectura fuera de límites en la funcionalidad Shader. Un actor malicioso con acceso local no administrativo a una máquina virtual con gráficos 3D habilitados puede ser capaz de explotar esta vulnerabilidad para bloquear el proceso vmx de la máquina virtual conllevando a una condición de denegación de servicio parcial This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the parsing of shader bytecode. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-782 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3962 – VMware Workstation SVGA DXInvalidateContext Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3962
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de uso de la memoria previamente liberada en el dispositivo SVGA. Un actor malicioso con acceso local a una máquina virtual con gráficos 3D habilitados puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of the SVGA DXInvalidateContext command. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-785 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3969 – VMware Workstation SVGA3D Command Heap Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3969
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de desbordamiento de pila por un paso en el dispositivo SVGA. Un actor malicioso con acceso local a una máquina virtual con gráficos 3D habilitados puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-786 • CWE-193: Off-by-one Error •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3972
https://notcve.org/view.php?id=CVE-2020-3972
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. VMware Tools para macOS (versiones 11.x.x y versiones anteriores a 11.1.1), contiene una vulnerabilidad de denegación de servicio en la implementación del Host-Guest File System (HGFS). Una explotación con éxito de este problema puede permitir a los atacantes, con privilegios que no sean de administrador en máquinas virtuales macOS invitadas, crear una condición de denegación de servicio en sus propias máquinas virtuales • https://www.vmware.com/security/advisories/VMSA-2020-0014.html •