73 matches found
CVE-2020-3999
VMware ESXi 7.0 prior to ESXi70U1c-17325551, VMware Workstation 16.x prior to 16.0 and 15.x prior to 15.5.7, VMware Fusion 12.x prior to 12.0 and 11.x prior to 11.5.7 and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious...
VMware ESXi Elevation of Privilege Vulnerability
VMware ESXi is a virtualization software and the software supports windows platform to run. An elevation of privilege vulnerability exists in VMware ESXi. The vulnerability stems from an issue with how certain system calls are managed. An attacker with privileges only in the VMX process could...
VMSA-2020-0026 : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX proce...
VMware Fixes Critical Flaw in ESXi Hypervisor
VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...
CVE-2020-4005
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...
Privilege escalation
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...
Design/Logic Flaw
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG, Workstation 15.x before 15.5.7, Fusion 11.x before 11.5.7 contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a...
VMware ESXi Resource Management Error Vulnerability
Vmware VMware ESXi is a server virtualization platform from Vmware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi that stems from the inclusion of a no after-use vulnerability in the XHCI USB controller. A malicious participant with local...
CVE-2020-3970
VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative loc...
CVE-2019-5512
VMware Workstation 15.x before 15.0.3, 14.x before 14.1.6 running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege...
CVE-2019-5512
VMware Workstation on Windows is affected by CVE-2019-5512 due to improper handling of COM classes used by the VMX process, enabling local privilege escalation. Affected versions are Workstation Pro < 14.1.6 and Workstation 15.x
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The...
VMware Workstation 14.1.5 / VMware Player 15 Host VMX Process COM Class Hijack Privilege Escalation
The VMX process vmware-vmx.exe process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created wit...
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description: The...
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The creation of the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description:...
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...
KLA11437 Multiple vulnerabilities in VMware products
Multiple vulnerabilities were found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. Vulnerability related to VMX process can be exploited remotely to gain privileges; 2. Vulnerability related to COM classes...
VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues. OpenVAS Vulnerability Test $Id: gbVMSA-2014-0001.nasl 6750 2017-07-18 09:56:47Z teissa $ VMSA-2014-0001: VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security...
VMSA-2014-0001 VMware ESXi address several security issues (remote check).
VMware ESXi address several security issues. OpenVAS Vulnerability Test $Id: gbVMSA-2014-0001remote.nasl 6769 2017-07-20 09:56:33Z teissa $ VMSA-2014-0001 VMware ESXi address several security issues remote check. Authors: Michael Meyer Copyright: Copyright c 2014 Greenbone Networks GmbH This...
VMware ESXi address several security issues (VMSA-2014-0001) - Remote Version Check
VMware ESXi address several security issues. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...