Page 8 of 49 results (0.027 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed. VMware Workstation (15.x antes del 15.1.0) contiene una vulnerabilidad de use-after-free en el backend Advanced Linux Sound Architecture (ALSA). Un usuario malintencionado con privilegios de usuario normal en la máquina invitada puede aprovechar este problema junto con otros problemas para ejecutar el código en el host de Linux donde está instalada la Estación de trabajo. • http://www.securityfocus.com/bid/108674 https://www.vmware.com/security/advisories/VMSA-2019-0009.html • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. VMware Workstation (versión 15.x anterior de 15.1.0) contiene un problema de secuestro de DLL porque la aplicación carga inapropiadamente algunos archivos DLL. La explotación con éxito de este problema puede permitir a los atacantes con privilegios de usuario normales escalar sus privilegios al administrador en un host de Windows donde está instalada la Estación de trabajo. VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability. • https://www.exploit-db.com/exploits/46851 http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html http://www.securityfocus.com/bid/108333 https://www.vmware.com/security/advisories/VMSA-2019-0007.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.8EPSS: 0%CPEs: 120EXPL: 0

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •

CVSS: 5.9EPSS: 1%CPEs: 120EXPL: 0

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. La actualizaciones de VMware ESXi (versiones 6.7 anteriores a ESXi670-201904101-SG y 6.5 anteriores a ESXi650-201903001), Workstation (versiones 15.x anteriores a 15.0.3 y 14.x anteriores a 14.1.6), Fusion (versiones 11.x anteriores a 11.0.3 y 10.x anteriores a 10.1.6) abordan una vulnerabilidad de fuera de límites. • https://www.vmware.com/security/advisories/VMSA-2019-0006.html https://www.zerodayinitiative.com/advisories/ZDI-19-369 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 120EXPL: 0

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762 https://www.vmware.com/security/advisories/VMSA-2019-0006.html • CWE-125: Out-of-bounds Read •