CVSS: 8.8EPSS: 0%CPEs: 187EXPL: 0CVE-2019-5527 – VMware Security Advisory 2019-0014
https://notcve.org/view.php?id=CVE-2019-5527
20 Sep 2019 — ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. ESXi, Workstation, Fusion, VMRC y Horizon Client contienen una vulnerabilidad uso de la memoria previamente liberada en el dispositivo de sonido virtual. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Importante con un puntaje bas... • https://www.vmware.com/security/advisories/VMSA-2019-0014.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2019-5519 – VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-5519
29 Mar 2019 — VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.... • http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 1%CPEs: 75EXPL: 0CVE-2019-5518 – VMware Workstation UHCI Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-5518
29 Mar 2019 — VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host. VMware E... • http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 9%CPEs: 170EXPL: 1CVE-2018-6981 – VMware Security Advisory 2018-0027
https://notcve.org/view.php?id=CVE-2018-6981
09 Nov 2018 — VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. VMware ESXi 6.7 sin ESXi670-201811401-BG y VMware ESXi 6.5 sin ESXi650-201811301-BG, VMware ESXi 6.0 sin ESXi600-201811401-BG, VMwa... • https://github.com/LxKxC/vmxnet3Hunter • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 170EXPL: 0CVE-2018-6982 – VMware Security Advisory 2018-0027
https://notcve.org/view.php?id=CVE-2018-6982
09 Nov 2018 — VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. VMware ESXi 6.7 sin ESXi670-201811401-BG y VMware ESXi 6.5 sin ESXi650-201811301-BG contiene un uso de memoria de la pila no inicializada en el adaptador de red virtual vmxnet3, lo que podría conducir a una fuga de información del host al invitado. VMware ESXi, Workstation, and F... • http://www.securityfocus.com/bid/105882 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 10%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 126EXPL: 0CVE-2018-6974 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6974
16 Oct 2018 — VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (versiones 6.7 anteriores a ESXi670-201810101-SG, versiones 6.5 anteriores a ESXi650-201808401-BG, y versiones 6.0 anteriores a ESXi600-201808401-BG), Workstation (versiones 14.x anteriores a la 14.1.... • http://www.securityfocus.com/bid/105660 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6977 – VMware Security Advisory 2018-0025
https://notcve.org/view.php?id=CVE-2018-6977
09 Oct 2018 — VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x y 14.x) y Fusion (11.x y 10.x) contienen una vulnerabilidad de ... • http://www.securityfocus.com/bid/105549 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 2%CPEs: 125EXPL: 0CVE-2018-6972 – VMware Workstation SetGuestInfo Null Pointer Dereference Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-6972
20 Jul 2018 — VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi (versiones 6.7 anteriores a ESXi670-201806401-BG, versiones 6.5 anteriores a ESXi65... • http://www.securityfocus.com/bid/104884 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •