Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for fusion_pro by vmware
CVE-2017-4905 (GCVE-0-2017-4905)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Severity
No CVSS data available.
CWE
- Information leak
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97164 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97164"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4905",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4904 (GCVE-0-2017-4904)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Severity
No CVSS data available.
CWE
- Remote Code Execution / DoS
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97165 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution / DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution / DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97165"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4904",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4903 (GCVE-0-2017-4903)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Severity
No CVSS data available.
CWE
- Uninitialized Stack Memory Usage
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97160 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uninitialized Stack Memory Usage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Stack Memory Usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97160"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4903",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4902 (GCVE-0-2017-4902)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Severity
No CVSS data available.
CWE
- Heap Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/97163 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4902",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7461 (GCVE-0-2016-7461)
Vulnerability from nvd – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI
Summary
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94280 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037282 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94280"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7461",
"datePublished": "2016-12-29T09:02:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4903 (GCVE-0-2017-4903)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Severity
No CVSS data available.
CWE
- Uninitialized Stack Memory Usage
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97160 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uninitialized Stack Memory Usage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Stack Memory Usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97160"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4903",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4905 (GCVE-0-2017-4905)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Severity
No CVSS data available.
CWE
- Information leak
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97164 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97164"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4905",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4902 (GCVE-0-2017-4902)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Severity
No CVSS data available.
CWE
- Heap Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/97163 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4902",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4904 (GCVE-0-2017-4904)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Severity
No CVSS data available.
CWE
- Remote Code Execution / DoS
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97165 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038148 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1038149 | vdb-entryx_refsource_SECTRACK |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
|
| VMware | Workstation Pro / Player |
Affected:
12.x prior to 12.5.5
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.6
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution / DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution / DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97165"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4904",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7461 (GCVE-0-2016-7461)
Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI
Summary
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94280 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037282 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94280"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7461",
"datePublished": "2016-12-29T09:02:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}