Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6974 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2018-6983 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. | |||||
| CVE-2018-6973 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2018-6963 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine. | |||||
| CVE-2018-6957 | 1 Vmware | 3 Fusion, Workstation Player, Workstation Pro | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
| VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. | |||||
| CVE-2018-6965 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967. | |||||
| CVE-2018-6966 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. | |||||
| CVE-2018-6967 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966. | |||||
| CVE-2018-6962 | 1 Vmware | 1 Fusion | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2024-02-04 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2017-4902 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4945 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. | |||||
| CVE-2017-4933 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2017-4925 | 2 Apple, Vmware | 5 Mac Os X, Esxi, Fusion and 2 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4950 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. | |||||
| CVE-2017-4924 | 1 Vmware | 3 Esxi, Fusion, Workstation Pro | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4934 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-4938 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4949 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. | |||||
| CVE-2017-4941 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-04 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||