Search criteria
78 vulnerabilities found for workstation_player by vmware
FKIE_CVE-2021-22040
Vulnerability from fkie_nvd - Published: 2022-02-16 17:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0004.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28769D3C-0C46-4E6B-A8E2-75A7B64B1D47",
"versionEndExcluding": "3.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBED072F-DE79-41C6-AD4F-02E10BD27FBD",
"versionEndExcluding": "4.4",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6735BF82-477F-498C-90E6-A744DECEEB1E",
"versionEndExcluding": "12.2.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "004F4859-2B2B-472E-A135-122B46BBE427",
"versionEndExcluding": "16.2.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59A4C2DD-155D-41F0-9A03-40FD949BDBCD",
"versionEndExcluding": "16.2.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202202401:*:*:*:*:*:*",
"matchCriteriaId": "4C47BEFC-1434-4676-A123-359A500F19BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*",
"matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*",
"matchCriteriaId": "FD4A373B-2AC6-4193-9C34-1E4EEB552A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*",
"matchCriteriaId": "E75F4E15-2C5F-4667-B8A4-0EE9895FAEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*",
"matchCriteriaId": "8B75B45F-E25A-4362-856D-465A9F8B70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*",
"matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*",
"matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*",
"matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*",
"matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*",
"matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*",
"matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*",
"matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*",
"matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*",
"matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*",
"matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*",
"matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*",
"matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*",
"matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*",
"matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*",
"matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*",
"matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*",
"matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*",
"matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*",
"matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*",
"matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*",
"matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*",
"matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*",
"matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*",
"matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*",
"matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*",
"matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*",
"matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*",
"matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*",
"matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*",
"matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*",
"matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*",
"matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*",
"matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*",
"matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*",
"matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*",
"matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*",
"matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*",
"matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*",
"matchCriteriaId": "CD1889D7-3313-4004-AA42-7879E8551413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*",
"matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*",
"matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*",
"matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*",
"matchCriteriaId": "F853B5B8-E8F8-4EA2-90EB-0603F4AADAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*",
"matchCriteriaId": "0169E032-F47A-45E0-BC33-B7DF54EC11BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*",
"matchCriteriaId": "B0FCF0BB-9905-415A-8E30-DB96CCC49782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201-ug:*:*:*:*:*:*",
"matchCriteriaId": "7264CDC9-FB2D-45A9-9307-C197B1052477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*",
"matchCriteriaId": "0C02E0DF-7656-475B-B028-10406DAB30F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202-ug:*:*:*:*:*:*",
"matchCriteriaId": "D0538570-759A-441A-BC37-556642C090F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*",
"matchCriteriaId": "41340C91-4E96-4578-BB96-6758EBE072E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203-ug:*:*:*:*:*:*",
"matchCriteriaId": "9CF906E5-A846-49BA-925B-C6059FD02BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*",
"matchCriteriaId": "FAE29DD3-BFC7-4781-A805-DE379CAB3DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204-ug:*:*:*:*:*:*",
"matchCriteriaId": "7D3D0230-53D4-469F-AD46-74F057F6F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*",
"matchCriteriaId": "322DC091-A4A1-4534-AB5C-0030114A63D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205-ug:*:*:*:*:*:*",
"matchCriteriaId": "8D8E89CE-C919-4CDF-98BE-BA9A126B36BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*",
"matchCriteriaId": "4B23002D-D157-412F-B2ED-CD4504C79987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206-ug:*:*:*:*:*:*",
"matchCriteriaId": "73DA1453-4756-4C16-9640-B3B0C6F617DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*",
"matchCriteriaId": "8A2AE141-7503-4C0B-B0F1-B67A898FDF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207-ug:*:*:*:*:*:*",
"matchCriteriaId": "589EE886-6927-4AEA-903C-155C23B1747A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*",
"matchCriteriaId": "4547B798-9F00-4B28-B667-9D38B9E3591B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208-ug:*:*:*:*:*:*",
"matchCriteriaId": "3BDDFA27-0D99-4D98-B00F-5D038488BAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*",
"matchCriteriaId": "53129601-DDA4-4BF4-8F63-A88890F2D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209-ug:*:*:*:*:*:*",
"matchCriteriaId": "3F931502-8460-4373-92D7-CFD817F4A062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*",
"matchCriteriaId": "B48B12F8-0B49-404E-A6B4-1F6108687C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210-ug:*:*:*:*:*:*",
"matchCriteriaId": "287D4E48-4890-46C2-8B9B-1CE484C9D30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*",
"matchCriteriaId": "8CED027A-5B1B-44CC-81DA-AAD00D551C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211-ug:*:*:*:*:*:*",
"matchCriteriaId": "A916EB29-ADE4-4D65-BF8E-98B44E466AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*",
"matchCriteriaId": "94F87F69-37DD-4170-ACA0-742EE8CFD00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212-ug:*:*:*:*:*:*",
"matchCriteriaId": "BC024B88-DEDD-49E5-B668-5B00C212B6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*",
"matchCriteriaId": "ACC3D191-BB1B-4875-9A58-1E6D53128062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213-ug:*:*:*:*:*:*",
"matchCriteriaId": "DB9F131B-46BE-44F8-904B-FD0839926B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*",
"matchCriteriaId": "BD858E05-6FDE-4EDE-95C7-CA16B66BE7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214-ug:*:*:*:*:*:*",
"matchCriteriaId": "BA2195E5-3BAD-4E90-BE40-A59C0A6A9EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4027-ED2E-4993-9C3E-FDEBF94EFF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215-ug:*:*:*:*:*:*",
"matchCriteriaId": "1503D3D9-E1A7-41F9-B26D-0AED8ABE6FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*",
"matchCriteriaId": "62772E13-0198-4021-9FB0-59124086B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216-ug:*:*:*:*:*:*",
"matchCriteriaId": "7BD28EE0-808D-4A76-B707-F163527608C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*",
"matchCriteriaId": "C8A565A1-E4F0-4683-9DD6-D3B595A0B2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217-ug:*:*:*:*:*:*",
"matchCriteriaId": "79225541-575F-44FC-8ED6-24BA6A4128EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*",
"matchCriteriaId": "7B8868CD-EA52-438C-BFDD-EB41C98BA425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218-ug:*:*:*:*:*:*",
"matchCriteriaId": "8A4A62CD-A46B-4612-9DC8-7744E6D5EA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*",
"matchCriteriaId": "2F42557E-2FB2-4902-A6E8-CDDDC5E6CAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219-ug:*:*:*:*:*:*",
"matchCriteriaId": "D526CE1D-ED76-44EB-9377-53EF7556E254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*",
"matchCriteriaId": "00ECE661-E187-4999-B2CC-CF0EBAE83253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220-ug:*:*:*:*:*:*",
"matchCriteriaId": "D7E92A1C-40EB-441B-A634-42609527210A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*",
"matchCriteriaId": "6C225598-9636-4095-84FE-DD671F2D6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221-ug:*:*:*:*:*:*",
"matchCriteriaId": "111A10BE-FC5A-4272-9719-1DED62694A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*",
"matchCriteriaId": "58C577E8-4B2B-4D91-AFCA-81C7FA04B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222-ug:*:*:*:*:*:*",
"matchCriteriaId": "FC65FCFC-CD55-401A-8986-A1DBF544D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*",
"matchCriteriaId": "B7F8E29D-A3C1-4223-BDC3-CCED7C6FC86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223-ug:*:*:*:*:*:*",
"matchCriteriaId": "EEBD3AEC-284C-44E1-A4CD-010787114737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*",
"matchCriteriaId": "41DE747D-30C9-470D-8447-47B8C95311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224-ug:*:*:*:*:*:*",
"matchCriteriaId": "42F87C20-5A00-43C9-A445-50AD716233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*",
"matchCriteriaId": "9D4D1283-BEC0-4FFC-8DC1-812D7A069F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225-ug:*:*:*:*:*:*",
"matchCriteriaId": "C1412AFC-CBE8-4151-B01D-785F11ACAB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*",
"matchCriteriaId": "97F27723-5065-4A57-AF07-F9BD35B9B32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226-ug:*:*:*:*:*:*",
"matchCriteriaId": "6431DD1F-2269-4AFB-B486-9B6373F41C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*",
"matchCriteriaId": "94383F22-6A4B-43A5-BA4D-6D25698DFF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227-ug:*:*:*:*:*:*",
"matchCriteriaId": "3BA5D0CB-E5B0-4C95-91A7-C662BAE01483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*",
"matchCriteriaId": "0F27B6FA-DFF5-4A67-BA3A-E34F38DC3D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228-ug:*:*:*:*:*:*",
"matchCriteriaId": "A86BDAB4-3924-45A8-9130-517DEA184FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*",
"matchCriteriaId": "E58409B9-DCF2-4383-8A39-D7CE0136EFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229-ug:*:*:*:*:*:*",
"matchCriteriaId": "A6EAE07B-2849-4E3B-B8D0-F68E6440A9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201905001:*:*:*:*:*:*",
"matchCriteriaId": "00CF4E83-EA1C-4058-8BCC-09B495255F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201906002:*:*:*:*:*:*",
"matchCriteriaId": "86626D15-8D73-48BA-970B-CE661D5BB59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908101:*:*:*:*:*:*",
"matchCriteriaId": "2308CED4-314E-4CFE-8B1F-7B6CAA637A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908102:*:*:*:*:*:*",
"matchCriteriaId": "9969057F-BD3A-474E-8A02-087575A8AA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908103:*:*:*:*:*:*",
"matchCriteriaId": "7111974A-2A88-4209-8CBB-F872993AE4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908104:*:*:*:*:*:*",
"matchCriteriaId": "35722902-3652-44F1-89C2-08EB51F2A1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908201:*:*:*:*:*:*",
"matchCriteriaId": "E469AC46-D464-4960-8F23-CA59B3DCB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908202:*:*:*:*:*:*",
"matchCriteriaId": "9CAD88F2-F1AA-4DDE-9E27-52090E2BD49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908203:*:*:*:*:*:*",
"matchCriteriaId": "48F3D2BF-3A1D-4C49-94F5-EDB11E57821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908204:*:*:*:*:*:*",
"matchCriteriaId": "739948F5-E005-49E3-B412-4E035C7D95E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908205:*:*:*:*:*:*",
"matchCriteriaId": "D1828A75-5088-4992-A06B-A58B62536F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908206:*:*:*:*:*:*",
"matchCriteriaId": "58030F5A-82E1-4D54-A8F0-30CAAD4C8402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908207:*:*:*:*:*:*",
"matchCriteriaId": "9A013753-5E40-4CD8-A649-6CD023E0A970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908208:*:*:*:*:*:*",
"matchCriteriaId": "F554BC79-A92C-4287-9D94-3657C48E36CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908209:*:*:*:*:*:*",
"matchCriteriaId": "F82710D4-3FAB-469F-B15C-F22B4786AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908210:*:*:*:*:*:*",
"matchCriteriaId": "BDE7B96D-AD37-406D-AF62-3797E7A55119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908211:*:*:*:*:*:*",
"matchCriteriaId": "A9C294EC-F0BE-44DA-9073-D29D693F0964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908212:*:*:*:*:*:*",
"matchCriteriaId": "E05B6CD2-A581-46C2-AEA7-D8A6028FB466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908213:*:*:*:*:*:*",
"matchCriteriaId": "6CEC1380-E75E-40B5-BDE8-94E12317CCCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908214:*:*:*:*:*:*",
"matchCriteriaId": "C7B7079D-785C-4941-929A-C82B54809728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908215:*:*:*:*:*:*",
"matchCriteriaId": "A1ADE91B-0682-4EF9-8724-E0AFFF3685C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908216:*:*:*:*:*:*",
"matchCriteriaId": "31F8FFF5-25BD-408D-9089-567AF16BA608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908217:*:*:*:*:*:*",
"matchCriteriaId": "EE834CFD-5533-4989-8836-D0F07ED4919C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908218:*:*:*:*:*:*",
"matchCriteriaId": "092F9149-6B82-48CD-B90C-87DB36881F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908219:*:*:*:*:*:*",
"matchCriteriaId": "B2EA0EC1-0139-403C-AC9B-08D8530F4A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908220:*:*:*:*:*:*",
"matchCriteriaId": "5A3ADB57-5A7D-4B75-903C-FCBE1FAE9AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908221:*:*:*:*:*:*",
"matchCriteriaId": "755CCD27-3C87-497F-BDBB-48D3163909A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201911001:*:*:*:*:*:*",
"matchCriteriaId": "2130E67D-7F2A-4D82-BEFD-BA42B6B6FDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912001:*:*:*:*:*:*",
"matchCriteriaId": "2635673A-1F6B-4B8D-9C8D-F2FFB9644373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912101:*:*:*:*:*:*",
"matchCriteriaId": "9C0DDCAC-576E-48B6-B67E-E74DBF6C5250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912102:*:*:*:*:*:*",
"matchCriteriaId": "1CE71B5C-586B-4829-9A7E-3A008A1C1E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912401:*:*:*:*:*:*",
"matchCriteriaId": "802A1549-678C-4001-807B-97AD0953B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912402:*:*:*:*:*:*",
"matchCriteriaId": "A6024926-4AE4-4609-99DE-E3173A72058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912403:*:*:*:*:*:*",
"matchCriteriaId": "AB1CAAFF-616A-4455-86CA-0ED553D3D27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912404:*:*:*:*:*:*",
"matchCriteriaId": "7C2C35E2-EDA5-4B0B-895B-09D2EE6A6B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912405:*:*:*:*:*:*",
"matchCriteriaId": "13C713B1-AEA0-40B0-829E-4D0A23808577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004001:*:*:*:*:*:*",
"matchCriteriaId": "4C501A11-EF97-4402-9366-E624F1CBEDEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004002:*:*:*:*:*:*",
"matchCriteriaId": "52AE4120-4AAE-4F15-8575-4C480FBF7817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004301:*:*:*:*:*:*",
"matchCriteriaId": "04BAED99-1BF3-4089-B6E6-0BE505E6D846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004401:*:*:*:*:*:*",
"matchCriteriaId": "F318EA34-1EB7-484D-B016-3173683B0823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004402:*:*:*:*:*:*",
"matchCriteriaId": "08254171-3483-4796-AD29-8C8A66BEA7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004403:*:*:*:*:*:*",
"matchCriteriaId": "BB87B220-ED25-4818-8E70-A9663CCEF005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004404:*:*:*:*:*:*",
"matchCriteriaId": "1275D19D-05C0-42F8-8402-647E512DAC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004405:*:*:*:*:*:*",
"matchCriteriaId": "7D919EB9-F45B-4A4B-9887-7DE98065B766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004406:*:*:*:*:*:*",
"matchCriteriaId": "6CB29FBD-2AD3-49D0-9F49-AE4DD9192C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004407:*:*:*:*:*:*",
"matchCriteriaId": "C2ACA3A8-5B40-45C4-B47F-0DCF04D6700F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004408:*:*:*:*:*:*",
"matchCriteriaId": "92E98665-4919-4D45-88CF-28835DADD6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202006001:*:*:*:*:*:*",
"matchCriteriaId": "C0A275B7-DBF3-4332-8B5F-C9CAD84229B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202008001:*:*:*:*:*:*",
"matchCriteriaId": "497F58A2-0A2C-4A59-A73B-31C956EF3CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202010001:*:*:*:*:*:*",
"matchCriteriaId": "18E8632C-E442-4F18-BFE2-96AE5C839F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202011001:*:*:*:*:*:*",
"matchCriteriaId": "13D69B99-CB36-45DD-9FD9-C58186998200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202011002:*:*:*:*:*:*",
"matchCriteriaId": "EF0BC157-1834-46D8-9BF9-0CE9648C7D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202102001:*:*:*:*:*:*",
"matchCriteriaId": "728136B6-47A7-42BC-9464-7745E4F2B4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202103001:*:*:*:*:*:*",
"matchCriteriaId": "3967967A-E0A5-45B3-999C-D749A9B0C791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202111101:*:*:*:*:*:*",
"matchCriteriaId": "644588BB-2A6D-481C-9B2F-756C23B989DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
},
{
"lang": "es",
"value": "VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de uso de memoria previamente liberada en el controlador USB XHCI. Un actor malicioso con privilegios administrativos locales en una m\u00e1quina virtual puede aprovechar este problema para ejecutar c\u00f3digo como el proceso VMX de la m\u00e1quina virtual que es ejecutada en el host"
}
],
"id": "CVE-2021-22040",
"lastModified": "2024-11-21T05:49:29.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-16T17:15:10.413",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3982
Vulnerability from fkie_nvd - Published: 2020-10-20 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "70F4DA98-C1D3-489E-958C-B466BEAD772B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0.0:1.20.16321839:*:*:*:*:*:*",
"matchCriteriaId": "0DB30686-F9E0-4845-BFB6-713043B35736",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*",
"matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*",
"matchCriteriaId": "FD4A373B-2AC6-4193-9C34-1E4EEB552A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*",
"matchCriteriaId": "E75F4E15-2C5F-4667-B8A4-0EE9895FAEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*",
"matchCriteriaId": "8B75B45F-E25A-4362-856D-465A9F8B70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*",
"matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*",
"matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*",
"matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*",
"matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*",
"matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*",
"matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*",
"matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*",
"matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*",
"matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*",
"matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*",
"matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*",
"matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*",
"matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*",
"matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*",
"matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*",
"matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*",
"matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*",
"matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*",
"matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*",
"matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*",
"matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*",
"matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*",
"matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*",
"matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*",
"matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*",
"matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*",
"matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*",
"matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*",
"matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*",
"matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*",
"matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*",
"matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*",
"matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*",
"matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*",
"matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*",
"matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*",
"matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*",
"matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*",
"matchCriteriaId": "CD1889D7-3313-4004-AA42-7879E8551413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*",
"matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*",
"matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*",
"matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*",
"matchCriteriaId": "F853B5B8-E8F8-4EA2-90EB-0603F4AADAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*",
"matchCriteriaId": "0169E032-F47A-45E0-BC33-B7DF54EC11BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*",
"matchCriteriaId": "B0FCF0BB-9905-415A-8E30-DB96CCC49782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201-ug:*:*:*:*:*:*",
"matchCriteriaId": "7264CDC9-FB2D-45A9-9307-C197B1052477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*",
"matchCriteriaId": "0C02E0DF-7656-475B-B028-10406DAB30F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202-ug:*:*:*:*:*:*",
"matchCriteriaId": "D0538570-759A-441A-BC37-556642C090F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*",
"matchCriteriaId": "41340C91-4E96-4578-BB96-6758EBE072E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203-ug:*:*:*:*:*:*",
"matchCriteriaId": "9CF906E5-A846-49BA-925B-C6059FD02BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*",
"matchCriteriaId": "FAE29DD3-BFC7-4781-A805-DE379CAB3DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204-ug:*:*:*:*:*:*",
"matchCriteriaId": "7D3D0230-53D4-469F-AD46-74F057F6F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*",
"matchCriteriaId": "322DC091-A4A1-4534-AB5C-0030114A63D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205-ug:*:*:*:*:*:*",
"matchCriteriaId": "8D8E89CE-C919-4CDF-98BE-BA9A126B36BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*",
"matchCriteriaId": "4B23002D-D157-412F-B2ED-CD4504C79987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206-ug:*:*:*:*:*:*",
"matchCriteriaId": "73DA1453-4756-4C16-9640-B3B0C6F617DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*",
"matchCriteriaId": "8A2AE141-7503-4C0B-B0F1-B67A898FDF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207-ug:*:*:*:*:*:*",
"matchCriteriaId": "589EE886-6927-4AEA-903C-155C23B1747A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*",
"matchCriteriaId": "4547B798-9F00-4B28-B667-9D38B9E3591B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208-ug:*:*:*:*:*:*",
"matchCriteriaId": "3BDDFA27-0D99-4D98-B00F-5D038488BAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*",
"matchCriteriaId": "53129601-DDA4-4BF4-8F63-A88890F2D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209-ug:*:*:*:*:*:*",
"matchCriteriaId": "3F931502-8460-4373-92D7-CFD817F4A062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*",
"matchCriteriaId": "B48B12F8-0B49-404E-A6B4-1F6108687C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210-ug:*:*:*:*:*:*",
"matchCriteriaId": "287D4E48-4890-46C2-8B9B-1CE484C9D30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*",
"matchCriteriaId": "8CED027A-5B1B-44CC-81DA-AAD00D551C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211-ug:*:*:*:*:*:*",
"matchCriteriaId": "A916EB29-ADE4-4D65-BF8E-98B44E466AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*",
"matchCriteriaId": "94F87F69-37DD-4170-ACA0-742EE8CFD00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212-ug:*:*:*:*:*:*",
"matchCriteriaId": "BC024B88-DEDD-49E5-B668-5B00C212B6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*",
"matchCriteriaId": "ACC3D191-BB1B-4875-9A58-1E6D53128062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213-ug:*:*:*:*:*:*",
"matchCriteriaId": "DB9F131B-46BE-44F8-904B-FD0839926B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*",
"matchCriteriaId": "BD858E05-6FDE-4EDE-95C7-CA16B66BE7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214-ug:*:*:*:*:*:*",
"matchCriteriaId": "BA2195E5-3BAD-4E90-BE40-A59C0A6A9EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4027-ED2E-4993-9C3E-FDEBF94EFF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215-ug:*:*:*:*:*:*",
"matchCriteriaId": "1503D3D9-E1A7-41F9-B26D-0AED8ABE6FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*",
"matchCriteriaId": "62772E13-0198-4021-9FB0-59124086B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216-ug:*:*:*:*:*:*",
"matchCriteriaId": "7BD28EE0-808D-4A76-B707-F163527608C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*",
"matchCriteriaId": "C8A565A1-E4F0-4683-9DD6-D3B595A0B2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217-ug:*:*:*:*:*:*",
"matchCriteriaId": "79225541-575F-44FC-8ED6-24BA6A4128EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*",
"matchCriteriaId": "7B8868CD-EA52-438C-BFDD-EB41C98BA425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218-ug:*:*:*:*:*:*",
"matchCriteriaId": "8A4A62CD-A46B-4612-9DC8-7744E6D5EA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*",
"matchCriteriaId": "2F42557E-2FB2-4902-A6E8-CDDDC5E6CAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219-ug:*:*:*:*:*:*",
"matchCriteriaId": "D526CE1D-ED76-44EB-9377-53EF7556E254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*",
"matchCriteriaId": "00ECE661-E187-4999-B2CC-CF0EBAE83253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220-ug:*:*:*:*:*:*",
"matchCriteriaId": "D7E92A1C-40EB-441B-A634-42609527210A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*",
"matchCriteriaId": "6C225598-9636-4095-84FE-DD671F2D6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221-ug:*:*:*:*:*:*",
"matchCriteriaId": "111A10BE-FC5A-4272-9719-1DED62694A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*",
"matchCriteriaId": "58C577E8-4B2B-4D91-AFCA-81C7FA04B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222-ug:*:*:*:*:*:*",
"matchCriteriaId": "FC65FCFC-CD55-401A-8986-A1DBF544D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*",
"matchCriteriaId": "B7F8E29D-A3C1-4223-BDC3-CCED7C6FC86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223-ug:*:*:*:*:*:*",
"matchCriteriaId": "EEBD3AEC-284C-44E1-A4CD-010787114737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*",
"matchCriteriaId": "41DE747D-30C9-470D-8447-47B8C95311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224-ug:*:*:*:*:*:*",
"matchCriteriaId": "42F87C20-5A00-43C9-A445-50AD716233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*",
"matchCriteriaId": "9D4D1283-BEC0-4FFC-8DC1-812D7A069F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225-ug:*:*:*:*:*:*",
"matchCriteriaId": "C1412AFC-CBE8-4151-B01D-785F11ACAB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*",
"matchCriteriaId": "97F27723-5065-4A57-AF07-F9BD35B9B32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226-ug:*:*:*:*:*:*",
"matchCriteriaId": "6431DD1F-2269-4AFB-B486-9B6373F41C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*",
"matchCriteriaId": "94383F22-6A4B-43A5-BA4D-6D25698DFF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227-ug:*:*:*:*:*:*",
"matchCriteriaId": "3BA5D0CB-E5B0-4C95-91A7-C662BAE01483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*",
"matchCriteriaId": "0F27B6FA-DFF5-4A67-BA3A-E34F38DC3D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228-ug:*:*:*:*:*:*",
"matchCriteriaId": "A86BDAB4-3924-45A8-9130-517DEA184FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*",
"matchCriteriaId": "E58409B9-DCF2-4383-8A39-D7CE0136EFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229-ug:*:*:*:*:*:*",
"matchCriteriaId": "A6EAE07B-2849-4E3B-B8D0-F68E6440A9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201905001:*:*:*:*:*:*",
"matchCriteriaId": "00CF4E83-EA1C-4058-8BCC-09B495255F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201906002:*:*:*:*:*:*",
"matchCriteriaId": "86626D15-8D73-48BA-970B-CE661D5BB59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908101:*:*:*:*:*:*",
"matchCriteriaId": "2308CED4-314E-4CFE-8B1F-7B6CAA637A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908102:*:*:*:*:*:*",
"matchCriteriaId": "9969057F-BD3A-474E-8A02-087575A8AA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908103:*:*:*:*:*:*",
"matchCriteriaId": "7111974A-2A88-4209-8CBB-F872993AE4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908104:*:*:*:*:*:*",
"matchCriteriaId": "35722902-3652-44F1-89C2-08EB51F2A1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908201:*:*:*:*:*:*",
"matchCriteriaId": "E469AC46-D464-4960-8F23-CA59B3DCB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908202:*:*:*:*:*:*",
"matchCriteriaId": "9CAD88F2-F1AA-4DDE-9E27-52090E2BD49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908203:*:*:*:*:*:*",
"matchCriteriaId": "48F3D2BF-3A1D-4C49-94F5-EDB11E57821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908204:*:*:*:*:*:*",
"matchCriteriaId": "739948F5-E005-49E3-B412-4E035C7D95E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908205:*:*:*:*:*:*",
"matchCriteriaId": "D1828A75-5088-4992-A06B-A58B62536F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908206:*:*:*:*:*:*",
"matchCriteriaId": "58030F5A-82E1-4D54-A8F0-30CAAD4C8402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908207:*:*:*:*:*:*",
"matchCriteriaId": "9A013753-5E40-4CD8-A649-6CD023E0A970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908208:*:*:*:*:*:*",
"matchCriteriaId": "F554BC79-A92C-4287-9D94-3657C48E36CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908209:*:*:*:*:*:*",
"matchCriteriaId": "F82710D4-3FAB-469F-B15C-F22B4786AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908210:*:*:*:*:*:*",
"matchCriteriaId": "BDE7B96D-AD37-406D-AF62-3797E7A55119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908211:*:*:*:*:*:*",
"matchCriteriaId": "A9C294EC-F0BE-44DA-9073-D29D693F0964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908212:*:*:*:*:*:*",
"matchCriteriaId": "E05B6CD2-A581-46C2-AEA7-D8A6028FB466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908213:*:*:*:*:*:*",
"matchCriteriaId": "6CEC1380-E75E-40B5-BDE8-94E12317CCCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908214:*:*:*:*:*:*",
"matchCriteriaId": "C7B7079D-785C-4941-929A-C82B54809728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908215:*:*:*:*:*:*",
"matchCriteriaId": "A1ADE91B-0682-4EF9-8724-E0AFFF3685C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908216:*:*:*:*:*:*",
"matchCriteriaId": "31F8FFF5-25BD-408D-9089-567AF16BA608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908217:*:*:*:*:*:*",
"matchCriteriaId": "EE834CFD-5533-4989-8836-D0F07ED4919C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908218:*:*:*:*:*:*",
"matchCriteriaId": "092F9149-6B82-48CD-B90C-87DB36881F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908219:*:*:*:*:*:*",
"matchCriteriaId": "B2EA0EC1-0139-403C-AC9B-08D8530F4A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908220:*:*:*:*:*:*",
"matchCriteriaId": "5A3ADB57-5A7D-4B75-903C-FCBE1FAE9AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908221:*:*:*:*:*:*",
"matchCriteriaId": "755CCD27-3C87-497F-BDBB-48D3163909A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912001:*:*:*:*:*:*",
"matchCriteriaId": "2635673A-1F6B-4B8D-9C8D-F2FFB9644373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912101:*:*:*:*:*:*",
"matchCriteriaId": "9C0DDCAC-576E-48B6-B67E-E74DBF6C5250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912102:*:*:*:*:*:*",
"matchCriteriaId": "1CE71B5C-586B-4829-9A7E-3A008A1C1E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912401:*:*:*:*:*:*",
"matchCriteriaId": "802A1549-678C-4001-807B-97AD0953B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912402:*:*:*:*:*:*",
"matchCriteriaId": "A6024926-4AE4-4609-99DE-E3173A72058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912403:*:*:*:*:*:*",
"matchCriteriaId": "AB1CAAFF-616A-4455-86CA-0ED553D3D27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912404:*:*:*:*:*:*",
"matchCriteriaId": "7C2C35E2-EDA5-4B0B-895B-09D2EE6A6B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912405:*:*:*:*:*:*",
"matchCriteriaId": "13C713B1-AEA0-40B0-829E-4D0A23808577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004001:*:*:*:*:*:*",
"matchCriteriaId": "4C501A11-EF97-4402-9366-E624F1CBEDEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004002:*:*:*:*:*:*",
"matchCriteriaId": "52AE4120-4AAE-4F15-8575-4C480FBF7817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004301:*:*:*:*:*:*",
"matchCriteriaId": "04BAED99-1BF3-4089-B6E6-0BE505E6D846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004401:*:*:*:*:*:*",
"matchCriteriaId": "F318EA34-1EB7-484D-B016-3173683B0823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004402:*:*:*:*:*:*",
"matchCriteriaId": "08254171-3483-4796-AD29-8C8A66BEA7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004403:*:*:*:*:*:*",
"matchCriteriaId": "BB87B220-ED25-4818-8E70-A9663CCEF005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004404:*:*:*:*:*:*",
"matchCriteriaId": "1275D19D-05C0-42F8-8402-647E512DAC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004405:*:*:*:*:*:*",
"matchCriteriaId": "7D919EB9-F45B-4A4B-9887-7DE98065B766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004406:*:*:*:*:*:*",
"matchCriteriaId": "6CB29FBD-2AD3-49D0-9F49-AE4DD9192C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004407:*:*:*:*:*:*",
"matchCriteriaId": "C2ACA3A8-5B40-45C4-B47F-0DCF04D6700F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004408:*:*:*:*:*:*",
"matchCriteriaId": "92E98665-4919-4D45-88CF-28835DADD6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202006001:*:*:*:*:*:*",
"matchCriteriaId": "C0A275B7-DBF3-4332-8B5F-C9CAD84229B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202008001:*:*:*:*:*:*",
"matchCriteriaId": "497F58A2-0A2C-4A59-A73B-31C956EF3CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:2:*:*:*:*:*:*",
"matchCriteriaId": "60405BAB-A6C6-4AD8-A5D2-EAD114FE931F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
"matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
"matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
"matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*",
"matchCriteriaId": "F948E806-0F73-4145-A723-7A43BA45842B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
"matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
"matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
"matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
"matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
"matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
"matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
"matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
"matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
"matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
"matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
"matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
"matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
"matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
"matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
"matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
"matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
"matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
"matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
"matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
"matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
"matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
"matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
"matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
"matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*",
"matchCriteriaId": "2D6A3952-8429-4762-8701-47D7C1F05A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*",
"matchCriteriaId": "5B007609-C312-469B-BACF-04D6D80DADF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*",
"matchCriteriaId": "514F2ECD-FC55-42A5-BEE4-DA7641CC93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*",
"matchCriteriaId": "3594E391-19CD-4803-8285-FA11BE63AB05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*",
"matchCriteriaId": "2CEC248D-502E-4A8D-8786-CD72A2E3AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*",
"matchCriteriaId": "4F08529C-B14C-45FB-AEA1-77D12C88CB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*",
"matchCriteriaId": "617835F5-49DA-4B42-8C7B-C122D7363A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*",
"matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*",
"matchCriteriaId": "9ED86C29-2EA6-41DD-ACCB-1E02F9CB747E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*",
"matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*",
"matchCriteriaId": "F0E684DF-9E45-459E-AB75-6B4653E5C7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*",
"matchCriteriaId": "B3DDD3E9-186F-472C-BA76-C2A363206792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*",
"matchCriteriaId": "A09E9914-DB27-41EF-B55D-5B79ECD1DA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*",
"matchCriteriaId": "7F916A39-13BD-44A7-A9EC-1FD40EBE357C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*",
"matchCriteriaId": "4F8219B4-1FC2-4383-83E6-92DF700C72D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-20191004001:*:*:*:*:*:*",
"matchCriteriaId": "C44C9D6A-8BBE-4970-A732-B9F86D42A55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911001:*:*:*:*:*:*",
"matchCriteriaId": "427F4ED8-8782-4BDF-A559-11CB8E0A65F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911401:*:*:*:*:*:*",
"matchCriteriaId": "63DDC95E-BBCD-4A68-9AFB-B5F9D206818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911402:*:*:*:*:*:*",
"matchCriteriaId": "B27E3424-5D4E-4E5D-8762-7AECBB11FE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912001:*:*:*:*:*:*",
"matchCriteriaId": "2D217AAB-D45F-480B-8F82-16B261F370D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912002:*:*:*:*:*:*",
"matchCriteriaId": "1B58312B-D72B-4F13-9EF5-0F42CE592757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912101:*:*:*:*:*:*",
"matchCriteriaId": "8FBB88C2-793A-40F2-AA40-EC315115AE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912102:*:*:*:*:*:*",
"matchCriteriaId": "21F59801-904B-427F-A1A9-C933E38AB7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912103:*:*:*:*:*:*",
"matchCriteriaId": "5A3FFDE9-FD36-41F9-AC35-E14BB6AEF7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912104:*:*:*:*:*:*",
"matchCriteriaId": "D22AFAE1-F817-4037-8EE5-AF04314AAAB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912301:*:*:*:*:*:*",
"matchCriteriaId": "8D4C44D6-73AD-48A3-B5F3-31B1FDC77E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912401:*:*:*:*:*:*",
"matchCriteriaId": "5D1694B2-1CD9-4943-8CFF-38218CDB88F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912402:*:*:*:*:*:*",
"matchCriteriaId": "154B54C8-1D65-4D3E-A64B-CF2D21E71FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912403:*:*:*:*:*:*",
"matchCriteriaId": "D86BCD56-4BD6-4C61-B80E-12E47D12A00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912404:*:*:*:*:*:*",
"matchCriteriaId": "6741A159-1D92-4E25-BD43-606DE1138D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202005001:*:*:*:*:*:*",
"matchCriteriaId": "DCC98C53-EEC1-4CFE-9C31-9F2592723B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202006001:*:*:*:*:*:*",
"matchCriteriaId": "C565246C-896C-4E48-8C24-344C9B0A3057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202007001:*:*:*:*:*:*",
"matchCriteriaId": "8479F377-4F47-433D-867D-A94A4B0E46EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD43625B-DBC4-460B-A7DA-F1EA254806DB",
"versionEndExcluding": "3.10.1",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A68886-4079-4BE1-9E51-6022ED680B86",
"versionEndExcluding": "4.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:pro:*:*:*",
"matchCriteriaId": "6379C7C4-38B7-4A40-BAA4-D99A760E6FF6",
"versionEndIncluding": "15.5.6",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "514A55BF-11F2-4ECE-BAD5-DEA9A4FADC40",
"versionEndIncluding": "15.5.6",
"versionStartIncluding": "15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0DDB53-0355-48F7-AE05-DCACBB14F6F8",
"versionEndExcluding": "11.5.6",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process or corrupt hypervisor\u0027s memory heap."
},
{
"lang": "es",
"value": "VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (versiones 15.x), Fusion (versiones 11.x anteriores a de 11.5.6), contienen una vulnerabilidad de escritura fuera de l\u00edmites debido a un problema time-of-check time-of-use en el dispositivo ACPI.\u0026#xa0;Un actor malicioso con acceso administrativo a una m\u00e1quina virtual puede ser capaz de explotar esta vulnerabilidad para bloquear el proceso vmx de la m\u00e1quina virtual o corromper la pila de la memoria del hipervisor"
}
],
"id": "CVE-2020-3982",
"lastModified": "2024-11-21T05:32:06.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-20T17:15:12.733",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3988
Vulnerability from fkie_nvd - Published: 2020-09-16 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | horizon_client | * | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C",
"versionEndExcluding": "5.4.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
},
{
"lang": "es",
"value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versi\u00f3n 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de l\u00edmites en el componente Cortado ThinPrint (analizador JPEG2000).\u0026#xa0;Un actor malicioso con acceso normal a una m\u00e1quina virtual puede explotar estos problemas para crear una condici\u00f3n de denegaci\u00f3n de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalado Workstation o Horizon Client para Windows"
}
],
"id": "CVE-2020-3988",
"lastModified": "2024-11-21T05:32:07.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T17:15:14.017",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3989
Vulnerability from fkie_nvd - Published: 2020-09-16 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | horizon_client | * | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C",
"versionEndExcluding": "5.4.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
},
{
"lang": "es",
"value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versi\u00f3n 5.x anteriores a 5.4.4), contienen una vulnerabilidad de denegaci\u00f3n de servicio debido a un problema de escritura fuera de l\u00edmites en el componente Cortado ThinPrint.\u0026#xa0;Un actor malicioso con acceso normal a una m\u00e1quina virtual puede ser capaz de explotar este problema para crear una condici\u00f3n de denegaci\u00f3n de servicio parcial en el sistema donde est\u00e1 instalado Workstation o Horizon Client para Windows.\u0026#xa0;La explotaci\u00f3n solo es posible si se ha habilitado la impresi\u00f3n virtual.\u0026#xa0;Esta funci\u00f3n no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon Client"
}
],
"id": "CVE-2020-3989",
"lastModified": "2024-11-21T05:32:07.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T17:15:14.093",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3990
Vulnerability from fkie_nvd - Published: 2020-09-16 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | horizon_client | * | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C",
"versionEndExcluding": "5.4.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
},
{
"lang": "es",
"value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versiones 5.x anteriores a 5.4.4), contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a un problema de desbordamiento de enteros en el componente Cortado ThinPrint.\u0026#xa0;Un actor malicioso con acceso normal a una m\u00e1quina virtual puede ser capaz de explotar este problema para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalado Workstation o Horizon Client para Windows.\u0026#xa0;La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada.\u0026#xa0;Esta funci\u00f3n no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon Client"
}
],
"id": "CVE-2020-3990",
"lastModified": "2024-11-21T05:32:07.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T17:15:14.203",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3987
Vulnerability from fkie_nvd - Published: 2020-09-16 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | horizon_client | * | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C",
"versionEndExcluding": "5.4.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
},
{
"lang": "es",
"value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versi\u00f3n 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de l\u00edmites en el componente Cortado ThinPrint (analizador EMR STRETCHDIBITS).\u0026#xa0;Un actor malicioso con acceso normal a una m\u00e1quina virtual puede explotar estos problemas para crear una condici\u00f3n de denegaci\u00f3n de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalada Workstation o Horizon Client para Windows"
}
],
"id": "CVE-2020-3987",
"lastModified": "2024-11-21T05:32:07.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T17:15:13.957",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3986
Vulnerability from fkie_nvd - Published: 2020-09-16 17:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | horizon_client | * | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C",
"versionEndExcluding": "5.4.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC",
"versionEndExcluding": "16.0.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
},
{
"lang": "es",
"value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versi\u00f3n 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de l\u00edmites en el componente Cortado ThinPrint (Analizador EMF).\u0026#xa0;Un actor malicioso con acceso normal a una m\u00e1quina virtual puede explotar estos problemas para crear una condici\u00f3n de denegaci\u00f3n de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalado Workstation o Horizon Client para Windows"
}
],
"id": "CVE-2020-3986",
"lastModified": "2024-11-21T05:32:06.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T17:15:13.890",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5511
Vulnerability from fkie_nvd - Published: 2018-04-13 13:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K30500703 | Vendor Advisory | |
| f5sirt@f5.com | https://www.exploit-db.com/exploits/46600/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K30500703 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46600/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD7E85A-BE85-4CA1-B9CB-0888735EA132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074CB0CC-E7CD-402E-9EFD-954DAB79D68B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EAD6EA-811F-4193-A83D-E70A9A53AFC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D536A57-C7DB-4CE1-AE13-254C650343A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5491BC3C-EE0C-43FA-B870-BBF9FC4FADB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7714D5-C0B3-42E0-9F33-C52A93472D04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB414A2A-AA17-4137-8881-9B7BAFA5E918",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06A1E194-8FBF-4546-B8D6-6C3B9B142401",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0948894-8098-4532-9E4A-9491E3761C95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE647AD-9B1C-4C8F-9374-9E06677AFF2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4CB875-6B18-4EA7-8948-189F0130CF1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2F72B2-84F2-4FA2-9B53-E98344235EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAFAF12-3981-4180-9C2C-994B93DACFCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE47FF9-E13D-41D3-BEA2-EF1B973CB0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF42475C-4684-4EBE-B228-718967A6F650",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_player:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "577BAFEB-BC5C-407B-B9D2-0ECD0FE1C946",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
},
{
"lang": "es",
"value": "En F5 BIG-IP, de la versi\u00f3n 13.1.0 a la 13.1.0.3 o en la versi\u00f3n 13.0.0, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), tambi\u00e9n llamado utilidad BIG-IP Configuration, podr\u00edan no aplicarse las restricciones sobre los comandos permitidos."
}
],
"id": "CVE-2018-5511",
"lastModified": "2024-11-21T04:08:57.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-13T13:29:00.847",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46600/"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6957
Vulnerability from fkie_nvd - Published: 2018-03-15 19:29 - Updated: 2024-11-21 04:11
Severity ?
Summary
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/103431 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1040539 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2018-0008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103431 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040539 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0008.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01DDAE03-7486-4F2E-99CD-CD400CB0F72F",
"versionEndExcluding": "14.1.1",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14CAB08C-37EE-40F9-B4C7-9DD5FD6DFDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00F69EAD-F5CD-43C9-921A-7AD78C362EDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EA738637-C31F-487F-B2E5-2B03AE9BE89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F44F5FBF-DD1D-41F8-A1EC-9720DBC89008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDBF213-94A3-4C13-B17F-3903B6C6D7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3516D484-83AF-470E-9E9A-AFE3BBE4F75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5A845C-E2CA-4C3A-8019-22C7DC2EA6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB1B255-E6CD-439D-A871-81D8D1A1757E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8000ABCB-2017-41AB-9C94-BF183A840F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B53C77FA-7370-4773-9BFE-439514EE5A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A905AAA0-B3CE-47B4-A3C4-13DAC53B8DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "044BF7CD-E0C7-4FFA-B5BB-0907CD65E353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "119D5B47-E905-4AE2-B423-4096142E2DCF",
"versionEndExcluding": "14.1.1",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BFE98E-486A-4ABC-B5A3-264459900387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CDB0AC-25B6-4397-9784-386C81C37352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0DB274-B645-445C-9558-4F42FEAACF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1787E49C-19A5-428D-9BEA-5500B3DD60F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB2C59D-2F2E-4D2D-B552-8425FB795687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C83B3D50-43FF-4034-9C75-F44939D60378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1613CB4-1088-40F1-A5E8-584284A980D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4668751B-92FD-46ED-A19D-7853F30FC5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B166B022-46C1-4C4A-8428-7489F1D34A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E46DF6A3-E8DE-4EDF-872E-2BD44235C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F861F9-E59D-4A25-8AC2-8C8C9FE11FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7358D7A7-72E2-4A77-B15A-CB80D8DE945D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61B23099-25EB-44B6-A62B-2E46CD151994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20453B9E-D3AD-403F-B1A5-FB3300FBB0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6759F732-8E65-49F7-B46C-B1E3F856B11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A55F26BA-4AFA-419A-BB0E-5C369F58F126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D91C182F-A8D2-4ABF-B202-261056EF93D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B34B944F-073D-4B52-8B92-0620603885DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C5D443-A330-40DF-939B-10597147CE7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42BF8A2A-295D-44D6-A38E-D4C35437F380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC08D3D5-5D46-45C7-BD43-81E1D18FAB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "574DB25B-51E1-466A-8089-5108DB5D6FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF7F09F-D8B3-40AF-9111-E7C14832C5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "555DD10F-7EA8-4107-A31F-2C7CED41058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE4888B-156C-48BC-8035-3A0424CB6037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4DA202-3D18-4DDC-89E4-81FFF68EDFD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7419FA0-119C-4C1C-A071-90A9F8ECDB32",
"versionEndExcluding": "10.1.1",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled."
},
{
"lang": "es",
"value": "VMware Workstation (versiones 14.x anteriores a la 14.1.1 y 12.x) y Fusion (10.x anteriores a la 10.1.1 y 8.x) contiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS) que se puede desencadenar al abrir un n\u00famero excesivo de sesiones VNC. Nota: Para que su explotaci\u00f3n sea posible en Workstation y Fusion, se debe habilitar VNC manualmente."
}
],
"id": "CVE-2018-6957",
"lastModified": "2024-11-21T04:11:28.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-15T19:29:01.343",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4903
Vulnerability from fkie_nvd - Published: 2017-06-07 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/97160 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1038148 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1038149 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97160 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038148 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038149 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0006.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB0B91B-F8F6-456F-8FBD-7B98A9ABA95A",
"versionEndExcluding": "12.5.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F1AB0A-CD31-4FE7-AE1F-4C6A111D1C62",
"versionEndExcluding": "12.5.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "BB90FDCA-A848-4D4D-8A6F-FD04D702EC85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:*",
"matchCriteriaId": "4DC223AC-EB3D-48CF-A6CC-D35E00A38394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:*",
"matchCriteriaId": "75C8E87E-A869-49F8-89F9-DE64A45CDB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:*",
"matchCriteriaId": "E7F8878C-F73D-4549-9607-74880176D2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:*",
"matchCriteriaId": "E47D369F-13B2-42B3-BB74-60AAD0954B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*",
"matchCriteriaId": "52403C80-3022-4E5B-B16A-24B116D1E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*",
"matchCriteriaId": "FBECED2E-05FD-492E-8B57-9BB8ADA82444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*",
"matchCriteriaId": "3C3FBBA4-01FA-45B5-AEDF-FFFE941163FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*",
"matchCriteriaId": "A63E3C72-3145-4661-BBCD-8A67EC0CDDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*",
"matchCriteriaId": "9159F6E1-6A36-4D3C-85B1-2205B90CD244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*",
"matchCriteriaId": "C2C08C24-FBAC-49B8-AABF-4FF8BADA3412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*",
"matchCriteriaId": "2B9D5E67-78C9-495E-91F0-AF94871E5FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*",
"matchCriteriaId": "6D35CDFE-F0E7-43F7-A307-E3BDDE5AEAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*",
"matchCriteriaId": "ADC13026-3B5A-4BF0-BDEC-B77338E427E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*",
"matchCriteriaId": "6CBA70BA-FFCD-4D2D-AD26-95CC62748937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*",
"matchCriteriaId": "4C92DD8B-8AB8-40D4-8E86-12FEB055D37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*",
"matchCriteriaId": "C58D77F5-CDB2-47DA-A879-BABEBE2E1E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*",
"matchCriteriaId": "D0C324FB-3989-4A4A-BF5B-C40CA698DDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*",
"matchCriteriaId": "0E7AC58E-D1F8-4FDF-9A28-61CF6158330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*",
"matchCriteriaId": "489EE0F6-5510-470E-8711-DC08B4AFB4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*",
"matchCriteriaId": "6719ED6F-CBC3-4B1E-9343-23DC3BA15FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*",
"matchCriteriaId": "DDAA48A9-9319-4104-B151-D529E5EBF0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*",
"matchCriteriaId": "D16CD918-5075-4975-8B1E-21D8AD35A28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*",
"matchCriteriaId": "7A38CD8E-494D-4E0E-A300-8550FC81FAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*",
"matchCriteriaId": "1F40ABE8-8DED-4633-A34C-00DF5D510E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*",
"matchCriteriaId": "1736B975-089B-413C-8CA0-5524B957EF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*",
"matchCriteriaId": "0E4DCBF6-7189-497A-B923-08574443172C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*",
"matchCriteriaId": "16FBA646-0B5E-44A7-BB12-29D5C611AEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*",
"matchCriteriaId": "29F57497-7B48-4D0C-B8F5-8D33062BECEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*",
"matchCriteriaId": "ADDE96C7-C489-4D14-990B-8524627A23D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*",
"matchCriteriaId": "AD82C093-FD98-45DE-9EE6-A05E81A1FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*",
"matchCriteriaId": "08789F9E-CDC7-4F89-B925-92C9E3AE5234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*",
"matchCriteriaId": "26ABB84C-B4BF-424E-8F4C-D2B6BE0AC79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*",
"matchCriteriaId": "621C203B-4B66-49CC-A35D-D7703109BF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*",
"matchCriteriaId": "3261BDEF-D89C-41D9-A360-EC36EAB17490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*",
"matchCriteriaId": "5170A4F6-02B7-4225-B944-73DB5A4D332C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*",
"matchCriteriaId": "62A97DBA-A56B-4F0B-B9C4-44B5166681AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*",
"matchCriteriaId": "806C8BE6-A2BE-45BE-BEF2-396BEB16FCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*",
"matchCriteriaId": "DBA6211E-134A-484E-8444-FBB5070B395D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*",
"matchCriteriaId": "3E7B05B3-4076-4A44-B9A6-A44419F175C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*",
"matchCriteriaId": "1A1636B4-6E79-42D7-AA62-5EE43412B43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*",
"matchCriteriaId": "0F0377D0-BBED-41BF-80C5-58414ED413EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*",
"matchCriteriaId": "6495283C-D18A-4DDA-852E-46F2273D6DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*",
"matchCriteriaId": "09DEFEE5-5E9E-4F3A-A245-3E8E2B291339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*",
"matchCriteriaId": "4B5A97A3-65DB-4697-9CF1-B4F5E4E4132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*",
"matchCriteriaId": "17A84E0A-1429-467F-9EE1-FCA062392DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*",
"matchCriteriaId": "C591163D-64BC-403B-A460-5B2258EC2F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*",
"matchCriteriaId": "ED932B89-D34D-4398-8F79-AF98987CAFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*",
"matchCriteriaId": "ABD365A0-0B09-4EC2-9973-691144C99507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*",
"matchCriteriaId": "FBE64DC7-A9D1-416F-89BF-D9F8DD8174AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*",
"matchCriteriaId": "0E198AE4-A6A3-4875-A7DA-44BE9E1B280F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*",
"matchCriteriaId": "2FDD5BA0-8180-484D-8308-B0862B6E9DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*",
"matchCriteriaId": "96A6EB9A-A908-42D1-A6BC-E38E861BBECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*",
"matchCriteriaId": "651EDCAA-D785-464D-AE41-425A69F6FFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*",
"matchCriteriaId": "1B3C704C-9D60-4F72-B482-07F209985E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*",
"matchCriteriaId": "C1CFE956-4391-4B71-BD0B-96A008A624B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*",
"matchCriteriaId": "409778CD-9AB3-4793-A5F5-8D8657F81442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*",
"matchCriteriaId": "F7EA75DB-B6BE-4E75-89B6-C69E96CBD7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*",
"matchCriteriaId": "0DC45A8B-6DE0-465F-9644-B75A09394F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*",
"matchCriteriaId": "7A265671-BCB0-401A-A1E8-500F9D41492E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*",
"matchCriteriaId": "83168067-1E43-4186-9B15-3FC702C6583C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*",
"matchCriteriaId": "8C122DB4-8410-4C4E-87BE-EB3175CE182B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*",
"matchCriteriaId": "C76ED78D-0778-4269-938E-BB7586C1E44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*",
"matchCriteriaId": "7A1F78C5-E995-4E37-83C5-5B6A1D39E549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*",
"matchCriteriaId": "7A2E842D-AF37-4641-AD05-B91F250E7487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*",
"matchCriteriaId": "A07EAC87-32FD-4553-B71D-181F2C66AE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*",
"matchCriteriaId": "AD6F0D62-4C51-46D6-A6C4-E479BE6B2C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*",
"matchCriteriaId": "865D3042-68ED-44B9-A036-9433F7463D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*",
"matchCriteriaId": "FC4FEF78-D2DA-4CCE-BB81-7E2090ED545C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*",
"matchCriteriaId": "11AE3F61-9655-4B20-96E1-92112BE2BEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*",
"matchCriteriaId": "ECE35166-3019-450B-9C69-484E4EDE5A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*",
"matchCriteriaId": "D892B066-381B-4F46-8363-7BA1647BBCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*",
"matchCriteriaId": "710DB381-5504-4493-8D0A-17AB8E5A903B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*",
"matchCriteriaId": "42AAA3B7-B74D-4B67-8BD3-1D9B5ED1E037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*",
"matchCriteriaId": "33CBCA55-010E-4E84-B2F8-F9B53D5A3340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*",
"matchCriteriaId": "95A73B4B-F9B3-4D66-9668-902902C73CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*",
"matchCriteriaId": "8D14D51D-E2EA-4826-8C6E-AF1C15F12384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*",
"matchCriteriaId": "BED100A1-9D59-48BE-91D4-0C8F2D678E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*",
"matchCriteriaId": "660B51F2-DFE0-49F6-AD2A-6E94B20F4019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
"matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
"matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
"matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C05F1671-5010-4BB5-BFA7-217FBB946B59",
"versionEndExcluding": "8.5.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3E0004-E6F1-4C0D-9B24-A7F1AF4BCBD8",
"versionEndExcluding": "8.5.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
},
{
"lang": "es",
"value": "ESXi versiones 6.5 sin el parche ESXi650-201703410-SG, 6.0 U3 sin el parche ESXi600-201703401-SG, 6.0 U2 sin el parche ESXi600-201703403-SG, 6.0 U1 sin el parche ESXi600-201703402-SG, y 5.5 sin el parche ESXi550-20-20170140; Workstation Pro / Player versi\u00f3n 12.x anterior de 12.5.5; y Fusion Pro / Fusion versiones 8.x anterior a 8.5.6 de VMware, presenta un uso de memoria de la pila no inicializada en SVGA. Este problema puede permitir a un invitado ejecutar c\u00f3digo en el host."
}
],
"id": "CVE-2017-4903",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T18:29:00.350",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038149"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4898
Vulnerability from fkie_nvd - Published: 2017-06-07 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/96772 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1037979 | ||
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0003.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96772 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037979 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0003.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation_player | 12.0.0 | |
| vmware | workstation_player | 12.0.1 | |
| vmware | workstation_player | 12.1.0 | |
| vmware | workstation_player | 12.5.0 | |
| vmware | workstation_player | 12.5.1 | |
| vmware | workstation_player | 12.5.2 | |
| vmware | workstation_pro | 12.0.0 | |
| vmware | workstation_pro | 12.0.1 | |
| vmware | workstation_pro | 12.1.0 | |
| vmware | workstation_pro | 12.5.0 | |
| vmware | workstation_pro | 12.5.1 | |
| vmware | workstation_pro | 12.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8ABE47D4-506C-4132-829B-19A61ED35F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67CDB0AC-25B6-4397-9784-386C81C37352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C48608C8-B7A6-47DD-8C78-44EB2B0D6C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1D4E53-DEB3-4143-B619-4431DB47341F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C83B3D50-43FF-4034-9C75-F44939D60378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1613CB4-1088-40F1-A5E8-584284A980D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E8337D-BC36-4910-A998-309D277D008C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E91FE31-B442-4EE3-A415-D635A5CCA6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C67B92FB-CE89-479D-97DF-237C77BF307B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A83855-1411-4CA8-A005-5AA58D1CB32A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3516D484-83AF-470E-9E9A-AFE3BBE4F75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5A845C-E2CA-4C3A-8019-22C7DC2EA6DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
},
{
"lang": "es",
"value": "Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de carga de DLL que ocurre debido al proceso \"vmware-vmx\" que carga archivos DLL desde una ruta (path) definida en la variable de entorno local. La explotaci\u00f3n con \u00e9xito de este problema puede permitir a los usuarios normales escalar privilegios al sistema en la m\u00e1quina host donde est\u00e1 instalada Workstation de VMware."
}
],
"id": "CVE-2017-4898",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T18:29:00.210",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"source": "security@vmware.com",
"url": "http://www.securitytracker.com/id/1037979"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4905
Vulnerability from fkie_nvd - Published: 2017-06-07 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/97164 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1038148 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1038149 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97164 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038148 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038149 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0006.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | fusion | * | |
| vmware | fusion_pro | * | |
| apple | mac_os_x | - | |
| vmware | workstation_player | * | |
| vmware | workstation_pro | * | |
| vmware | esxi | 5.5 | |
| vmware | esxi | 5.5 | |
| vmware | esxi | 5.5 | |
| vmware | esxi | 5.5 | |
| vmware | esxi | 5.5 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.0 | |
| vmware | esxi | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C05F1671-5010-4BB5-BFA7-217FBB946B59",
"versionEndExcluding": "8.5.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3E0004-E6F1-4C0D-9B24-A7F1AF4BCBD8",
"versionEndExcluding": "8.5.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB0B91B-F8F6-456F-8FBD-7B98A9ABA95A",
"versionEndExcluding": "12.5.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F1AB0A-CD31-4FE7-AE1F-4C6A111D1C62",
"versionEndExcluding": "12.5.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "BB90FDCA-A848-4D4D-8A6F-FD04D702EC85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:*",
"matchCriteriaId": "4DC223AC-EB3D-48CF-A6CC-D35E00A38394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:*",
"matchCriteriaId": "75C8E87E-A869-49F8-89F9-DE64A45CDB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:*",
"matchCriteriaId": "E7F8878C-F73D-4549-9607-74880176D2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:*",
"matchCriteriaId": "E47D369F-13B2-42B3-BB74-60AAD0954B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*",
"matchCriteriaId": "52403C80-3022-4E5B-B16A-24B116D1E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*",
"matchCriteriaId": "FBECED2E-05FD-492E-8B57-9BB8ADA82444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*",
"matchCriteriaId": "3C3FBBA4-01FA-45B5-AEDF-FFFE941163FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*",
"matchCriteriaId": "A63E3C72-3145-4661-BBCD-8A67EC0CDDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*",
"matchCriteriaId": "9159F6E1-6A36-4D3C-85B1-2205B90CD244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*",
"matchCriteriaId": "C2C08C24-FBAC-49B8-AABF-4FF8BADA3412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
},
{
"lang": "es",
"value": "ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, 5.5 sin parche ESXi550-201701401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede conducir a un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2017-4905",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T18:29:00.413",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038149"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-22040 (GCVE-0-2021-22040)
Vulnerability from cvelistv5 – Published: 2022-02-16 16:37 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Severity ?
No CVSS data available.
CWE
- Use-after-free vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi , Workstation, Fusion and VMware Cloud Foundation |
Affected:
VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi , Workstation, Fusion and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T16:37:53",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi , Workstation, Fusion and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22040",
"datePublished": "2022-02-16T16:37:53",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3982 (GCVE-0-2020-3982)
Vulnerability from cvelistv5 – Published: 2020-10-20 16:09 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi, Workstation, Fusion |
Affected:
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi, Workstation, Fusion",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process or corrupt hypervisor\u0027s memory heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:09:04",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi, Workstation, Fusion",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process or corrupt hypervisor\u0027s memory heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3982",
"datePublished": "2020-10-20T16:09:04",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3990 (GCVE-0-2020-3990)
Vulnerability from cvelistv5 – Published: 2020-09-16 16:17 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Severity ?
No CVSS data available.
CWE
- Information disclosure vulnerability via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:17:17",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3990",
"datePublished": "2020-09-16T16:17:17",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3989 (GCVE-0-2020-3989)
Vulnerability from cvelistv5 – Published: 2020-09-16 16:17 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:17:11",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3989",
"datePublished": "2020-09-16T16:17:11",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3988 (GCVE-0-2020-3988)
Vulnerability from cvelistv5 – Published: 2020-09-16 16:14 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:14:08",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3988",
"datePublished": "2020-09-16T16:14:08",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3987 (GCVE-0-2020-3987)
Vulnerability from cvelistv5 – Published: 2020-09-16 16:14 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:14:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3987",
"datePublished": "2020-09-16T16:14:01",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3986 (GCVE-0-2020-3986)
Vulnerability from cvelistv5 – Published: 2020-09-16 16:13 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:13:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3986",
"datePublished": "2020-09-16T16:13:54",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5511 (GCVE-0-2018-5511)
Vulnerability from cvelistv5 – Published: 2018-04-13 13:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) |
Affected:
13.1.0-13.1.0.3
Affected: 13.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.1.0-13.1.0.3"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T17:06:07",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2018-5511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version": {
"version_data": [
{
"version_value": "13.1.0-13.1.0.3"
},
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K30500703",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"name": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5511",
"datePublished": "2018-04-13T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T16:38:21.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6957 (GCVE-0-2018-6957)
Vulnerability from cvelistv5 – Published: 2018-03-15 19:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
14.x before 14.1.1
Affected: 12.x |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.1"
},
{
"status": "affected",
"version": "12.x"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.1"
},
{
"status": "affected",
"version": "8.x"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "103431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-03-15T00:00:00",
"ID": "CVE-2018-6957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.1"
},
{
"version_value": "12.x"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.1"
},
{
"version_value": "8.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040539"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6957",
"datePublished": "2018-03-15T19:00:00Z",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-09-16T23:06:38.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22040 (GCVE-0-2021-22040)
Vulnerability from nvd – Published: 2022-02-16 16:37 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Severity ?
No CVSS data available.
CWE
- Use-after-free vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi , Workstation, Fusion and VMware Cloud Foundation |
Affected:
VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi , Workstation, Fusion and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T16:37:53",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi , Workstation, Fusion and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878, 7.0 U1 before ESXi70U1e-19324898, ESXi 6.7 before ESXi670-202111101-SG and ESXi 6.5 ESXi650-202202401-SG), Workstation (16.x before 16.2.1), Fusion (12.x before 12.2.1) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22040",
"datePublished": "2022-02-16T16:37:53",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3982 (GCVE-0-2020-3982)
Vulnerability from nvd – Published: 2020-10-20 16:09 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi, Workstation, Fusion |
Affected:
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi, Workstation, Fusion",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process or corrupt hypervisor\u0027s memory heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:09:04",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi, Workstation, Fusion",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process or corrupt hypervisor\u0027s memory heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3982",
"datePublished": "2020-10-20T16:09:04",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3990 (GCVE-0-2020-3990)
Vulnerability from nvd – Published: 2020-09-16 16:17 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Severity ?
No CVSS data available.
CWE
- Information disclosure vulnerability via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:17:17",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3990",
"datePublished": "2020-09-16T16:17:17",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3989 (GCVE-0-2020-3989)
Vulnerability from nvd – Published: 2020-09-16 16:17 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:17:11",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3989",
"datePublished": "2020-09-16T16:17:11",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3988 (GCVE-0-2020-3988)
Vulnerability from nvd – Published: 2020-09-16 16:14 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:14:08",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3988",
"datePublished": "2020-09-16T16:14:08",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3987 (GCVE-0-2020-3987)
Vulnerability from nvd – Published: 2020-09-16 16:14 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:14:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3987",
"datePublished": "2020-09-16T16:14:01",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3986 (GCVE-0-2020-3986)
Vulnerability from nvd – Published: 2020-09-16 16:13 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Severity ?
No CVSS data available.
CWE
- Multiple out-of-bounds read issues via Cortado ThinPrint
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workstation and Horizon Client for Windows |
Affected:
VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation and Horizon Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple out-of-bounds read issues via Cortado ThinPrint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T16:13:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation and Horizon Client for Windows",
"version": {
"version_data": [
{
"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple out-of-bounds read issues via Cortado ThinPrint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3986",
"datePublished": "2020-09-16T16:13:54",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5511 (GCVE-0-2018-5511)
Vulnerability from nvd – Published: 2018-04-13 13:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) |
Affected:
13.1.0-13.1.0.3
Affected: 13.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.1.0-13.1.0.3"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T17:06:07",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2018-5511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version": {
"version_data": [
{
"version_value": "13.1.0-13.1.0.3"
},
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K30500703",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K30500703"
},
{
"name": "46600",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46600/"
},
{
"name": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5511",
"datePublished": "2018-04-13T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T16:38:21.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6957 (GCVE-0-2018-6957)
Vulnerability from nvd – Published: 2018-03-15 19:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
14.x before 14.1.1
Affected: 12.x |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.1"
},
{
"status": "affected",
"version": "12.x"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.1"
},
{
"status": "affected",
"version": "8.x"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "103431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-03-15T00:00:00",
"ID": "CVE-2018-6957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.1"
},
{
"version_value": "12.x"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.1"
},
{
"version_value": "8.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103431"
},
{
"name": "1040539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040539"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6957",
"datePublished": "2018-03-15T19:00:00Z",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-09-16T23:06:38.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}