CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 0CVE-2018-6957
https://notcve.org/view.php?id=CVE-2018-6957
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegación de servicio (DoS) que se puede desencadenar al abrir un número excesivo de sesiones VNC. Nota: Para que su explotación sea posible en Workstation y Fusion, se debe habilitar VNC manualmente. • http://www.securityfocus.com/bid/103431 http://www.securitytracker.com/id/1040539 https://www.vmware.com/security/advisories/VMSA-2018-0008.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 15%CPEs: 35EXPL: 0CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0CVE-2017-4925
https://notcve.org/view.php?id=CVE-2017-4925
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware ESXi 6.5 sin el parche ESXi650-201707101-SG, ESXi 6.0 sin el parche ESXi600-201706101-SG, ESXi 5.5 sin el parche ESXi550-201709101-SG, Workstation (en versiones 12.x anteriores a la 12.5.3) y Fusion (en versiones 8.x anteriores a la 8.5.4) contienen una vulnerabilidad de desreferencia de puntero NULL. Este problema ocurre cuando se gestionan peticiones RPC por parte de un invitado. • http://www.securityfocus.com/bid/100842 http://www.securitytracker.com/id/1039367 http://www.securitytracker.com/id/1039368 https://www.vmware.com/security/advisories/VMSA-2017-0015.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-4924 – VMware Workstation Shader Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4924
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware ESXi (ESXi 6.5 sin el parche ESXi650-201707101-SG), Workstation (en versiones 12.x anteriores a la 12.5.7) y Fusion (en versiones 8.x anteriores a la 8.5.8) contienen una vulnerabilidad de escritura fuera de límites en un dispositivo SVGA. Este problema podría permitir que un invitado ejecute código en el host. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/100843 http://www.securitytracker.com/id/1039365 http://www.securitytracker.com/id/1039366 https://0patch.blogspot.com/2017/10/micropatching-hypervisor-with-running.html https://www.vmware.com/security/advisories/VMSA-2017-0015.html • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2017-4899
https://notcve.org/view.php?id=CVE-2017-4899
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de seguridad que se presenta en el controlador SVGA. Un atacante puede explotar este problema para bloquear la máquina virtual o activar una lectura fuera de límite. • http://www.securityfocus.com/bid/96771 http://www.securitytracker.com/id/1037979 http://www.vmware.com/security/advisories/VMSA-2017-0003.html • CWE-125: Out-of-bounds Read •