CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5539
https://notcve.org/view.php?id=CVE-2019-5539
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Horizon View Agent (versiones 7.10.x anteriores a 7.10.1 y versiones 7.5.x anteriores a 7.5.4), contienen una vulnerabilidad de secuestro de DLL debido a la carga no segura de una DLL por Cortado Thinprint . Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normales escalar sus privilegios al administrador sobre una máquina con Windows donde está instalado Workstation o View Agent. • https://www.vmware.com/security/advisories/VMSA-2019-0023.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6970 – VMWare Horizon Client wswc_sharedMem_shared Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-6970
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. VMware Horizon 6 (6.x.x en versiones anteriores a la 6.2.7), Horizon 7 (7.x.x en versiones anteriores a la 7.5.1) y Horizon Client (4.x.x en versiones anteriores a la 4.8.1) contiene una vulnerabilidad de lectura fuera de límites en la librería Message Framework. Su explotación con éxito podría permitir que un usuario con menos privilegios filtre información desde un proceso privilegiado que se ejecuta en un sistema donde estén instalados Horizon Connection Server, Horizon Agent o Horizon Client. • http://www.securityfocus.com/bid/105031 http://www.securitytracker.com/id/1041430 https://www.vmware.com/security/advisories/VMSA-2018-0019.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6971
https://notcve.org/view.php?id=CVE-2018-6971
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation. VMware Horizon View Agents (versiones 7.x.x anteriores a la 7.5.1) contienen una vulnerabilidad de divulgación de información local debido al registro inseguro de credenciales en el archivo vmmsi.log cuando una cuenta diferente a la del usuario que tiene su sesión iniciada actualmente se especifica durante la instalación (incluyendo las instalaciones silenciosas). La explotación exitosa de este problema podría permitir que usuarios con pocos privilegios accedan a las credenciales especificadas durante la instalación de Horizon View Agent. • http://www.securityfocus.com/bid/104883 http://www.securitytracker.com/id/1041357 http://www.securitytracker.com/id/1041358 https://www.vmware.com/security/advisories/VMSA-2018-0018.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2017-4948
https://notcve.org/view.php?id=CVE-2017-4948
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. • http://www.securityfocus.com/bid/102441 http://www.securitytracker.com/id/1040108 http://www.securitytracker.com/id/1040109 http://www.securitytracker.com/id/1040136 https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-4935 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4935
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. • http://www.securityfocus.com/bid/101902 http://www.securitytracker.com/id/1039835 http://www.securitytracker.com/id/1039836 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-787: Out-of-bounds Write •