PT-2026-40077

Name of the Vulnerable Software and Affected Versions IntelR Processors affected versions not specified Description Shared microarchitectural predictor state that influences transient execution for some processors within VMX non-root guest operation may lead to information disclosure. An...

SUSE CVE-2019-12929

The QMP guestexec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU'...

UBUNTU-CVE-2019-12929

The QMP guestexec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU'...

CVE-2019-5518

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI Universal Host...

Code injection

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Ho...

VMSA-2018-0005:VMware Workstation, and Fusion updates resolve use-after-free and integer-overfLOW vulnerabilities

VMSA-2018-0005 VMware Workstation, and Fusion updates resolve use-after - free and integer-overflow vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0005 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation, and...

Out-of-bounds

VMware Workstation 12.x before 12.5.8 and Horizon View Client for Windows 4.x before 4.6.1 contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstatio...

CVE-2017-4934

VMware Workstation 12.x before 12.5.8 and Fusion 8.x before 8.5.9 contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host...

CVE-2017-4911

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2017-4913

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstatio...

CVE-2017-4908

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2017-4904

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; an...

VMware ESXi updates address critical and moderate security issues (VMSA-2017-0006) - Remote Version Check

VMware ESXi updates address critical and moderate security issues. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

ALPINE-CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it...