CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3957
https://notcve.org/view.php?id=CVE-2020-3957
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), VMware Remote Console para Mac (versiones anteriores a 11.x ) y VMware Horizon Client para Mac (versiones anteriores a 5.x), contienen una vulnerabilidad de escalada de privilegios local debido a un problema de tipo Time-of-check Time-of-use (TOCTOU) en el abridor de servicio. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normal escalar sus privilegios a root en el sistema donde están instalados Fusion, VMRC y Horizon Client. • https://www.vmware.com/security/advisories/VMSA-2020-0011.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 81%CPEs: 2EXPL: 3CVE-2008-1491 – ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1491
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623. Desbordamiento de búfer basado en pila en el Servidor DPC Proxy (DpcProxy.exe) de ASUS Remote Console (también conocida como ARC o ASMB3) 2.0.0.19 y 2.0.0.24, permite a atacantes remotos ejecutar código de su elección mediante una cadena larga al puerto TCP 623. • https://www.exploit-db.com/exploits/5694 https://www.exploit-db.com/exploits/16425 http://aluigi.altervista.org/adv/asuxdpc-adv.txt http://secunia.com/advisories/29402 http://securityreason.com/securityalert/3771 http://www.securityfocus.com/archive/1/489966/100/0/threaded http://www.securityfocus.com/bid/28394 http://www.vupen.com/english/advisories/2008/0982/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •