6 results (0.003 seconds)

CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 0

05 Mar 2024 — VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. VMware ESXi contiene una vulnerabilidad de escritura fuera de los límites. Un actor malicioso con privilegios dentro del proceso VMX puede desencadenar una escritura fuera de los límites que conduzca a un escape del entorno limitado. VMware ESXi contains an out-of-bounds write vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una ... • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una ... • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0

06 Apr 2009 — Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (ho... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

06 Apr 2009 — VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. VI Client de VMware VirtualCenter en versiones anteriores a la v2.5 Update 4, VMware ESXi 3.5 en sus versiones anteriores a Update 4, and VMware ESX 3.5 en sus versiones anteriores a Update 4 retienen la contraseña de VirtualCenter Server en la memoria de proceso, lo que p... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0

05 Jun 2008 — Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 •