CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 0CVE-2018-6957
https://notcve.org/view.php?id=CVE-2018-6957
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegación de servicio (DoS) que se puede desencadenar al abrir un número excesivo de sesiones VNC. Nota: Para que su explotación sea posible en Workstation y Fusion, se debe habilitar VNC manualmente. • http://www.securityfocus.com/bid/103431 http://www.securitytracker.com/id/1040539 https://www.vmware.com/security/advisories/VMSA-2018-0008.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 37EXPL: 0CVE-2017-4945
https://notcve.org/view.php?id=CVE-2017-4945
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. VMware Workstation (14.x y 12.x) y Fusion (10.x y 8.x) contienen una vulnerabilidad de control de acceso invitado. • http://www.securityfocus.com/bid/102441 http://www.securitytracker.com/id/1040109 http://www.securitytracker.com/id/1040136 https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2017-4934 – VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4934
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el dispositivo VMNAT. Este problema puede permitir que un invitado ejecute código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/101903 http://www.securitytracker.com/id/1039835 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2017-4938
https://notcve.org/view.php?id=CVE-2017-4938
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desreferencia de puntero NULL en una llamada de un usuario invitado. Una explotación exitosa de este error puede permitir que atacantes con privilegios de usuario normal cierren de forma inesperada sus máquinas virtuales. • http://www.securityfocus.com/bid/101887 http://www.securitytracker.com/id/1039835 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.9EPSS: 0%CPEs: 18EXPL: 1CVE-2017-4901 – VMware WorkStation 12.5.5 - Virtual Machine Escape
https://notcve.org/view.php?id=CVE-2017-4901
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. La función drag-and-drop (DnD) en Workstation versiones 12.x y anteriores a 12.5.4 y Fusion versiones 8.x y anteriores a 8.5.5 de VMware, presenta una vulnerabilidad de acceso a la memoria fuera de límites. Esto puede permitir que un invitado ejecute código en el sistema operativo que ejecuta Workstation o Fusion. • https://www.exploit-db.com/exploits/47714 http://www.securityfocus.com/bid/96881 http://www.securitytracker.com/id/1038025 https://www.vmware.com/security/advisories/VMSA-2017-0005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •