Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2020/11/24 12:0 a.m.412 views

ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)

According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities. - A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machi...

8.2CVSS8.1AI score0.00392EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/11/23 12:0 a.m.118 views

VMSA-2020-0026 : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities

a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX proce...

8.2CVSS8.1AI score0.00392EPSS
Exploits0References3
Circl
Circl
added 2020/11/20 10:43 p.m.10 views

CVE-2020-4005

creationtimestamp| type| source ---|---|--- 2020-11-20 22:43:03+00:00| seen| https://t.me/cibsecurity/16681 2020-11-23 12:28:43+00:00| seen| https://t.me/CyberGovIL/946 2020-11-23 12:30:01+00:00| seen|...

7.8CVSS7.5AI score0.00382EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/11/20 8:18 p.m.86 views

VMware Fixes Critical Flaw in ESXi Hypervisor

VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...

1.4AI score0.00392EPSS
Exploits0References7
OSV
OSV
added 2020/11/20 8:15 p.m.3 views

CVE-2020-4005

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

7.8CVSS7.4AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2020/11/20 7:6 p.m.154 views

CVE-2020-4005

CVE-2020-4005 affects VMware ESXi 7.0 (before ESXi70U1b-17168206), 6.7 (before ESXi670-202011101-SG), and 6.5 (before ESXi650-202011301-SG). The issue is a privilege-escalation flaw in how certain system calls are managed, allowing a malicious actor with privileges inside the VMX process to escal...

7.8CVSS7.7AI score0.00382EPSS
Exploits0References1Affected Software1
VMware
VMware
added 2020/11/19 12:0 a.m.51 views

VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)

3a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9....

7.2CVSS7.8AI score0.00392EPSS
Exploits0References15Affected Software4
Rows per page
Query Builder