CVSS: 10.0EPSS: 40%CPEs: 224EXPL: 2CVE-2020-3992 – VMware ESXi OpenSLP Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-3992
20 Oct 2020 — OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. OpenSLP como es usado en VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202010401-SG, versiones 6.5... • https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 225EXPL: 0CVE-2020-3981 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3981
20 Oct 2020 — VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-125: Out-of-bounds Read CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 226EXPL: 0CVE-2020-3982 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3982
20 Oct 2020 — VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.168... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 229EXPL: 0CVE-2020-3976
https://notcve.org/view.php?id=CVE-2020-3976
21 Aug 2020 — VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. VMware ESXi y vCenter Server, contienen una vulnerabilidad de denegación de servicio parcial en sus respectivos servicios de autenticación. VMware ha evaluado que la gravedad de este problema se encuentra en el rango de gravedad Moderada con una puntuación bas... • https://www.vmware.com/security/advisories/VMSA-2020-0018.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 1CVE-2020-3965 – VMware ESXi Use-After-Free / Out-Of-Bounds Access
https://notcve.org/view.php?id=CVE-2020-3965
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y... • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 190EXPL: 1CVE-2020-3964 – VMware ESXi Use-After-Free / Out-Of-Bounds Access
https://notcve.org/view.php?id=CVE-2020-3964
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. VMware ESXi (versiones 7.0 a... • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 2CVE-2020-3963 – VMware ESXi Use-After-Free / Out-Of-Bounds Access
https://notcve.org/view.php?id=CVE-2020-3963
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ES... • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3966 – VMware Workstation EHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3966
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitat... • https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.2EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3968 – VMware Workstation xHCI Isoch TD Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3968
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual mach... • https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3967 – VMware Workstation EHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3967
25 Jun 2020 — VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possib... • https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-787: Out-of-bounds Write •