11 matches found
EUVD-2020-25270
Malware in sbrugna...
VMware Fusion 11.x < 11.5.7 Use-after-free (VMSA-2020-0026)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.7. It is, therefore, affected by a use-after-free error in the XHCI USB Controller. An unauthenticated, local attacker with administrative privileges on a virtual machine may exploit this issue to...
VMware Workstation 15.x < 15.5.7 Use-after-free (VMSA-2020-0026)
The version of VMware Workstation installed on the remote Windows host is 15.x prior to 15.5.7. It is, therefore, affected by a use-after-free error in the XHCI USB Controller. An unauthenticated, local attacker with administrative privileges on a virtual machine may exploit this issue to execute...
ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)
According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities. - A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machi...
VMSA-2020-0026 : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX proce...
CVE-2020-4004
creationtimestamp| type| source ---|---|--- 2020-11-20 22:42:59+00:00| seen| https://t.me/cibsecurity/16678 2020-11-20 22:43:03+00:00| seen| https://t.me/cibsecurity/16681 2020-11-23 12:28:43+00:00| seen| https://t.me/CyberGovIL/946 2020-11-23 12:30:01+00:00| seen|...
VMware Fixes Critical Flaw in ESXi Hypervisor
VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...
Privilege escalation
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...
CVE-2020-4004
CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...
VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)
3a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9....
KLA12101 Use after free vulnerability in VMware Workstation and Player
A use after free vulnerability was found in VMware Workstation and Player. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories VMSA-2020-0026 Related products VMware-Workstation VMware-Player CVE list CVE-2020-4004 critical Solution Update to the latest...