CVE-2018-6957
https://notcve.org/view.php?id=CVE-2018-6957
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegación de servicio (DoS) que se puede desencadenar al abrir un número excesivo de sesiones VNC. Nota: Para que su explotación sea posible en Workstation y Fusion, se debe habilitar VNC manualmente. • http://www.securityfocus.com/bid/103431 http://www.securitytracker.com/id/1040539 https://www.vmware.com/security/advisories/VMSA-2018-0008.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-4933
https://notcve.org/view.php?id=CVE-2017-4933
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. • http://www.securitytracker.com/id/1040024 http://www.securitytracker.com/id/1040025 https://www.vmware.com/security/advisories/VMSA-2017-0021.html • CWE-787: Out-of-bounds Write •