Lucene search
K

73 matches found

osv
osv
added 2020/12/21 4:15 p.m.3 views

CVE-2020-3999

VMware ESXi 7.0 prior to ESXi70U1c-17325551, VMware Workstation 16.x prior to 16.0 and 15.x prior to 15.5.7, VMware Fusion 12.x prior to 12.0 and 11.x prior to 11.5.7 and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious...

6.5CVSS6.6AI score0.00349EPSS
Exploits0References1
cnvd
cnvd
added 2020/11/23 12:0 a.m.4 views

VMware ESXi Elevation of Privilege Vulnerability

VMware ESXi is a virtualization software and the software supports windows platform to run. An elevation of privilege vulnerability exists in VMware ESXi. The vulnerability stems from an issue with how certain system calls are managed. An attacker with privileges only in the VMX process could...

7.8CVSS7.1AI score0.00382EPSS
Exploits0References1
nessus
nessus
added 2020/11/23 12:0 a.m.118 views

VMSA-2020-0026 : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities

a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX proce...

8.2CVSS8.1AI score0.00392EPSS
Exploits0References3
threatpost
threatpost
added 2020/11/20 8:18 p.m.86 views

VMware Fixes Critical Flaw in ESXi Hypervisor

VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...

1.4AI score0.00392EPSS
Exploits0References7
osv
osv
added 2020/11/20 8:15 p.m.3 views

CVE-2020-4005

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

7.8CVSS7.4AI score0.00382EPSS
Exploits0References1
prion
prion
added 2020/11/20 8:15 p.m.34 views

Privilege escalation

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

7.2CVSS7.8AI score0.00392EPSS
Exploits0References1Affected Software2
prion
prion
added 2020/11/20 8:15 p.m.29 views

Design/Logic Flaw

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG, Workstation 15.x before 15.5.7, Fusion 11.x before 11.5.7 contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a...

4.6CVSS7.9AI score0.00392EPSS
Exploits0References1Affected Software4
cnnvd
cnnvd
added 2020/11/20 12:0 a.m.8 views

VMware ESXi Resource Management Error Vulnerability

Vmware VMware ESXi is a server virtualization platform from Vmware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi that stems from the inclusion of a no after-use vulnerability in the XHCI USB controller. A malicious participant with local...

8.2CVSS7.5AI score0.00392EPSS
Exploits0References5
osv
osv
added 2020/06/25 3:15 p.m.5 views

CVE-2020-3970

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative loc...

3.8CVSS5.8AI score0.00382EPSS
Exploits0References2
osv
osv
added 2019/04/09 8:30 p.m.3 views

CVE-2019-5512

VMware Workstation 15.x before 15.0.3, 14.x before 14.1.6 running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege...

8.8CVSS7.3AI score0.01227EPSS
Exploits1References1
cve
cve
added 2019/04/09 7:29 p.m.90 views

CVE-2019-5512

VMware Workstation on Windows is affected by CVE-2019-5512 due to improper handling of COM classes used by the VMX process, enabling local privilege escalation. Affected versions are Workstation Pro < 14.1.6 and Workstation 15.x

8.8CVSS8.5AI score0.01227EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2019/03/25 12:0 a.m.38 views

VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The...

1.1AI score
Exploits0
zdt
zdt
added 2019/03/25 12:0 a.m.104 views

VMware Workstation 14.1.5 / VMware Player 15 Host VMX Process COM Class Hijack Privilege Escalation

The VMX process vmware-vmx.exe process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created wit...

8.6AI score0.01227EPSS
Exploits1
exploitdb
exploitdb
added 2019/03/25 12:0 a.m.70 views

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description: The...

7AI score
Exploits0
exploitdb
exploitdb
added 2019/03/25 12:0 a.m.96 views

VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation

VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The creation of the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/03/25 12:0 a.m.49 views

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...

0.9AI score
Exploits0
kaspersky
kaspersky
added 2019/03/14 12:0 a.m.37 views

KLA11437 Multiple vulnerabilities in VMware products

Multiple vulnerabilities were found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. Vulnerability related to VMX process can be exploited remotely to gain privileges; 2. Vulnerability related to COM classes...

8.8CVSS9.2AI score0.01227EPSS
Exploits1References4
openvas
openvas
added 2014/01/20 12:0 a.m.36 views

VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues

VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues. OpenVAS Vulnerability Test $Id: gbVMSA-2014-0001.nasl 6750 2017-07-18 09:56:47Z teissa $ VMSA-2014-0001: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security...

6.8CVSS0.2AI score0.02759EPSS
Exploits0References1
openvas
openvas
added 2014/01/20 12:0 a.m.26 views

VMSA-2014-0001 VMware ESXi address several security issues (remote check).

VMware ESXi address several security issues. OpenVAS Vulnerability Test $Id: gbVMSA-2014-0001remote.nasl 6769 2017-07-20 09:56:33Z teissa $ VMSA-2014-0001 VMware ESXi address several security issues remote check. Authors: Michael Meyer Copyright: Copyright c 2014 Greenbone Networks GmbH This...

4.3CVSS0.4AI score0.02759EPSS
Exploits0References1
openvas
openvas
added 2014/01/20 12:0 a.m.33 views

VMware ESXi address several security issues (VMSA-2014-0001) - Remote Version Check

VMware ESXi address several security issues. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

4.3CVSS5AI score0.02759EPSS
Exploits0References1
Rows per page
Query Builder