Search criteria
49 vulnerabilities found for Workstation by VMware
CERTFR-2025-AVI-0592
Vulnerability from certfr_avis - Published: 2025-07-16 - Updated: 2025-07-16
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472 | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.6.4 | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735 | ||
| VMware | Workstation | Worstation versions 17.x antérieures à 17.6.4 | ||
| VMware | VMware Tools | VMware Tools versions 13.x.x antérieures à 13.0.1.0 pour Windows | ||
| VMware | ESXi | ESXI versions 7.0 sans le correctif ESXi70U3w-24784741 | ||
| VMware | VMware Tools | VMware Tools versions antérieures à 12.5.3 pour Windows | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | ESXi | ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.4",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Worstation versions 17.x ant\u00e9rieures \u00e0 17.6.4",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 13.x.x ant\u00e9rieures \u00e0 13.0.1.0 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 7.0 sans le correctif ESXi70U3w-24784741",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions ant\u00e9rieures \u00e0 12.5.3 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41236"
},
{
"name": "CVE-2025-41237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41237"
},
{
"name": "CVE-2025-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41238"
},
{
"name": "CVE-2025-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41239"
}
],
"initial_release_date": "2025-07-16T00:00:00",
"last_revision_date": "2025-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0592",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35877",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
]
}
CERTFR-2025-AVI-0430
Vulnerability from certfr_avis - Published: 2025-05-21 - Updated: 2025-05-21
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | ESXi | ESXi versions 8.0 sans le correctif de sécurité ESXi80U3se-24659227 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.6.3 sur macOS | ||
| VMware | vCenter Server | vCenter Server versions 7.0 sans le correctif de sécurité 7.0 U3v | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif de sécurité 7.0 U3v pour vCenter | ||
| VMware | Workstation | Workstation versions 17.x antérieures à 17.6.3 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x sans le correctif de sécurité 7.0 U3v pour vCenter | ||
| VMware | vCenter Server | vCenter Server versions 8.0 sans le correctif de sécurité 8.0 U3e | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif de sécurité ESXi70U3sv-24723868 pour ESXi | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x sans le correctif de sécurité ESXi70U3sv-24723868 pour ESXi | ||
| VMware | ESXi | ESXi versions 7.0 sans le correctif de sécurité ESXi70U3sv-24723868 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.0 sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.3 sur macOS",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.0 sans le correctif de s\u00e9curit\u00e9 7.0 U3v",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.6.3",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 8.0 sans le correctif de s\u00e9curit\u00e9 8.0 U3e",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41227"
},
{
"name": "CVE-2025-41225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41225"
},
{
"name": "CVE-2025-41228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41228"
},
{
"name": "CVE-2025-41226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41226"
}
],
"initial_release_date": "2025-05-21T00:00:00",
"last_revision_date": "2025-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0430",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25717",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
}
CERTFR-2025-AVI-0177
Vulnerability from certfr_avis - Published: 2025-03-05 - Updated: 2025-03-05
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
VMware indique que les vulnérabilités CVE-2025-222234, CVE-2025-22225 et CVE-2025-22226 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.5.x sans le correctif de sécurité ESXi70U3s-24585291 | ||
| VMware | Telco Cloud Platform | VMware Telco Cloud Platorm sans le correctif de sécurité KB389385 | ||
| VMware | ESXi | VMware ESXi versions 7.0 sans le correctif de sécurité ESXi70U3s-24585291 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 5.x sans le correctif de sécurité ESXi80U3d-24585383 | ||
| VMware | Fusion | VMware Fusion 13.x versions antérieures à 13.6.3 | ||
| VMware | ESXi | VMware ESXi versions 8.0 sans le correctif de sécurité ESXi80U2d-24585300 ou ESXi80U3d-24585383 | ||
| VMware | Telco Cloud Infrastructure | VMware Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB389385 | ||
| VMware | Workstation | VMware Workstation versions 17.x antérieures à 17.6.3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3s-24585291",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Telco Cloud Platorm sans le correctif de s\u00e9curit\u00e9 KB389385",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3s-24585291",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3d-24585383",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Fusion 13.x versions ant\u00e9rieures \u00e0 13.6.3",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 8.0 sans le correctif de s\u00e9curit\u00e9 ESXi80U2d-24585300 ou ESXi80U3d-24585383",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB389385",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 17.x ant\u00e9rieures \u00e0 17.6.3",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22224"
},
{
"name": "CVE-2024-38814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38814"
},
{
"name": "CVE-2025-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22226"
},
{
"name": "CVE-2025-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22225"
}
],
"initial_release_date": "2025-03-05T00:00:00",
"last_revision_date": "2025-03-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n\nVMware indique que les vuln\u00e9rabilit\u00e9s CVE-2025-222234, CVE-2025-22225 et CVE-2025-22226 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25466"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
]
}
CVE-2025-41239 (GCVE-0-2025-41239)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:35 – Updated: 2025-07-15 18:51
VLAI?
Title
vSockets information-disclosure vulnerability
Summary
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.
Severity ?
7.1 (High)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3f-24784735
(custom)
Affected: 8.0 , < ESXi80U2e-24789317 (custom) Affected: 7.0 , < ESXi70U3w-24784741 (custom) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T18:51:16.482481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:51:58.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3f-24784735",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2e-24789317",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3w-24784741",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.4",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.6.4",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.1.0",
"status": "affected",
"version": "13.x.x",
"versionType": "custom"
},
{
"lessThan": "12.5.3",
"status": "affected",
"version": "12.x.x, 11.x.x,",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-15T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:35:03.747Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "vSockets information-disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41239",
"datePublished": "2025-07-15T18:35:03.747Z",
"dateReserved": "2025-04-16T09:30:17.798Z",
"dateUpdated": "2025-07-15T18:51:58.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41238 (GCVE-0-2025-41238)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:34 – Updated: 2025-07-16 03:56
VLAI?
Title
PVSCSI heap-overflow vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Severity ?
9.3 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3f-24784735
(custom)
Affected: 8.0 , < ESXi80U2e-24789317 (custom) Affected: 7.0 , < ESXi70U3w-24784741 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T03:56:00.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3f-24784735",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2e-24789317",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3w-24784741",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.4",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.6.4",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-07-15T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:34:48.818Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PVSCSI heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41238",
"datePublished": "2025-07-15T18:34:48.818Z",
"dateReserved": "2025-04-16T09:30:17.798Z",
"dateUpdated": "2025-07-16T03:56:00.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41237 (GCVE-0-2025-41237)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:34 – Updated: 2025-07-16 03:55
VLAI?
Title
VMCI integer-underflow vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Severity ?
9.3 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | Cloud Foundation |
Affected:
9.0.0.0, 5.x, 4.5.x
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T03:55:59.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "9.0.0.0, 5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "vSphere Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3f-24784735",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2e-24789317",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3w-24784741",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.4",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.6.4",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-07-15T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Workstation, and Fusion\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi,\u00a0Workstation, and Fusion\u00a0contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:34:21.083Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMCI integer-underflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41237",
"datePublished": "2025-07-15T18:34:21.083Z",
"dateReserved": "2025-04-16T09:30:17.798Z",
"dateUpdated": "2025-07-16T03:55:59.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41236 (GCVE-0-2025-41236)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:34 – Updated: 2025-07-16 03:55
VLAI?
Title
VMXNET3 integer-overflow vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Severity ?
9.3 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3f-24784735
(custom)
Affected: 8.0 , < ESXi80U2e-24789317 (custom) Affected: 7.0 , < ESXi70U3w-24784741 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T03:55:58.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3f-24784735",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2e-24789317",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3w-24784741",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.4",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "13.6.4",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-07-15T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:34:12.719Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMXNET3 integer-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41236",
"datePublished": "2025-07-15T18:34:12.719Z",
"dateReserved": "2025-04-16T09:30:17.798Z",
"dateUpdated": "2025-07-16T03:55:58.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41227 (GCVE-0-2025-41227)
Vulnerability from cvelistv5 – Published: 2025-05-20 14:24 – Updated: 2025-06-24 07:13
VLAI?
Title
Denial-of-Service Vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.
Severity ?
5.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3se-24659227
(custom)
Affected: 7.0 , < ESXi70U3sv-24723868 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T15:59:41.340433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T16:00:12.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3se-24659227",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3sv-24723868",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-20T11:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWorkstation, and Fusion contain a denial-of-service vulnerability due to certain guest options.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi,\u00a0Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options.\u00a0A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T07:13:30.222Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41227",
"datePublished": "2025-05-20T14:24:29.316Z",
"dateReserved": "2025-04-16T09:29:46.972Z",
"dateUpdated": "2025-06-24T07:13:30.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from cvelistv5 – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Severity ?
9.3 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34044 (GCVE-0-2023-34044)
Vulnerability from cvelistv5 – Published: 2023-10-20 08:56 – Updated: 2024-08-02 16:01
VLAI?
Title
Information disclosure vulnerability in bluetooth device-sharing functionality
Summary
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds
read vulnerability that exists in the functionality for sharing host
Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual
machine may be able to read privileged information contained in
hypervisor memory from a virtual machine.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
17.x , < 17.5
(17.5)
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:52.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "17.x",
"versionType": "17.5"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.5",
"status": "affected",
"version": "13.x",
"versionType": "13.5"
}
]
}
],
"datePublic": "2023-10-19T18:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u0026nbsp;A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine."
}
],
"value": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u00a0A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T08:56:53.136Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability in bluetooth device-sharing functionality",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34044",
"datePublished": "2023-10-20T08:56:53.136Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2024-08-02T16:01:52.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3971 (GCVE-0-2020-3971)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:55 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
Severity ?
No CVSS data available.
CWE
- Heap overflow vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
6.7 before ESXi670-201904101-SG
Affected: 6.5 before ESXi650-201907101-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201904101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201907101-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.0.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap overflow vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T14:55:33.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201904101-SG"
},
{
"version_value": "6.5 before ESXi650-201907101-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.0.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3971",
"datePublished": "2020-06-25T14:55:33.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3965 (GCVE-0-2020-3965)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:54 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Severity ?
No CVSS data available.
CWE
- Information Leak
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202006401-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202006401-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T20:06:09.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202006401-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"name": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3965",
"datePublished": "2020-06-25T14:54:46.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3964 (GCVE-0-2020-3964)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:51 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
Severity ?
No CVSS data available.
CWE
- Information Leak
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202006401-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202006401-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor\u0027s memory. Additional conditions beyond the attacker\u0027s control need to be present for exploitation to be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T20:06:10.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202006401-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor\u0027s memory. Additional conditions beyond the attacker\u0027s control need to be present for exploitation to be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"name": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3964",
"datePublished": "2020-06-25T14:51:48.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3963 (GCVE-0-2020-3963)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:50 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
Severity ?
No CVSS data available.
CWE
- Use-after-free vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202006401-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202006401-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T20:06:11.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202006401-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "20200717 VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jul/22"
},
{
"name": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3963",
"datePublished": "2020-06-25T14:50:52.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3966 (GCVE-0-2020-3966)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:45 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Severity ?
No CVSS data available.
CWE
- Heap-overflow due to race condition.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-783/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow due to race condition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:02.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-783/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-overflow due to race condition."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-783/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-783/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3966",
"datePublished": "2020-06-25T14:45:34.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3968 (GCVE-0-2020-3968)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:43 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-781/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine\u0027s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:03.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-781/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.5"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.5"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine\u0027s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-781/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-781/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3968",
"datePublished": "2020-06-25T14:43:59.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3967 (GCVE-0-2020-3967)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:39 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Severity ?
No CVSS data available.
CWE
- Heap-overflow vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-784/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:03.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-784/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.5"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.5"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-784/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-784/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3967",
"datePublished": "2020-06-25T14:39:21.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3970 (GCVE-0-2020-3970)
Vulnerability from cvelistv5 – Published: 2020-06-25 14:37 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-782/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process leading to a partial denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-782/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.5"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.5"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine\u0027s vmx process leading to a partial denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-782/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-782/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3970",
"datePublished": "2020-06-25T14:37:44.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3962 (GCVE-0-2020-3962)
Vulnerability from cvelistv5 – Published: 2020-06-24 16:01 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
Severity ?
No CVSS data available.
CWE
- Use-after-free vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-785/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:04.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-785/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.5"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.5"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-785/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-785/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3962",
"datePublished": "2020-06-24T16:01:53.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3969 (GCVE-0-2020-3969)
Vulnerability from cvelistv5 – Published: 2020-06-24 16:00 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Severity ?
No CVSS data available.
CWE
- Heap-overflow vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware ESXi |
Affected:
7.0 before ESXi_7.0.0-1.20.16321839
Affected: 6.7 before ESXi670-202004101-SG Affected: 6.5 before ESXi650-202005401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-786/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T15:06:04.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-786/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"version_value": "6.7 before ESXi670-202004101-SG"
},
{
"version_value": "6.5 before ESXi650-202005401-SG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.5"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.5"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker\u0027s control must be present for exploitation to be possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-786/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-786/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3969",
"datePublished": "2020-06-24T16:00:46.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3947 (GCVE-0-2020-3947)
Vulnerability from cvelistv5 – Published: 2020-03-16 17:21 – Updated: 2024-08-04 07:52
VLAI?
Summary
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
Severity ?
No CVSS data available.
CWE
- Use-after-free vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
15.x before 15.5.2
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T17:21:09.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3947",
"datePublished": "2020-03-16T17:21:09.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3948 (GCVE-0-2020-3948)
Vulnerability from cvelistv5 – Published: 2020-03-16 17:17 – Updated: 2024-08-04 07:52
VLAI?
Summary
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
Severity ?
No CVSS data available.
CWE
- Local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
15.x before 15.5.2
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T17:17:39.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.5.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3948",
"datePublished": "2020-03-16T17:17:39.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5517 (GCVE-0-2019-5517)
Vulnerability from cvelistv5 – Published: 2019-04-15 17:20 – Updated: 2024-08-04 20:01
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Severity ?
No CVSS data available.
CWE
- Multiple Out-of-bounds read vulnerabilities
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201904101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201903001"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.0.3"
},
{
"status": "affected",
"version": "14.x before 14.1.6"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.0.3"
},
{
"status": "affected",
"version": "10.x before 10.1.6"
}
]
}
],
"datePublic": "2019-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Out-of-bounds read vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-15T17:20:08.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201904101-SG"
},
{
"version_value": "6.5 before ESXi650-201903001"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.0.3"
},
{
"version_value": "14.x before 14.1.6"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.3"
},
{
"version_value": "10.x before 10.1.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Out-of-bounds read vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5517",
"datePublished": "2019-04-15T17:20:08.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:51.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5520 (GCVE-0-2019-5520)
Vulnerability from cvelistv5 – Published: 2019-04-15 17:12 – Updated: 2024-08-04 20:01
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-369/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201904101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201903001"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.0.3"
},
{
"status": "affected",
"version": "14.x before 14.1.6"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.0.3"
},
{
"status": "affected",
"version": "10.x before 10.1.6"
}
]
}
],
"datePublic": "2019-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T15:06:05.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-369/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201904101-SG"
},
{
"version_value": "6.5 before ESXi650-201903001"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.0.3"
},
{
"version_value": "14.x before 14.1.6"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.3"
},
{
"version_value": "10.x before 10.1.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-369/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-369/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5520",
"datePublished": "2019-04-15T17:12:06.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:51.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5516 (GCVE-0-2019-5516)
Vulnerability from cvelistv5 – Published: 2019-04-15 16:57 – Updated: 2024-08-04 20:01
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
Severity ?
No CVSS data available.
CWE
- Vertex shader out-of-bounds read vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201904101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201903001"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.0.3"
},
{
"status": "affected",
"version": "14.x before 14.1.6"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.0.3"
},
{
"status": "affected",
"version": "10.x before 10.1.6"
}
]
}
],
"datePublic": "2019-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Vertex shader out-of-bounds read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-15T19:06:09.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201904101-SG"
},
{
"version_value": "6.5 before ESXi650-201903001"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x before 15.0.3"
},
{
"version_value": "14.x before 14.1.6"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x before 11.0.3"
},
{
"version_value": "10.x before 10.1.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Vertex shader out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5516",
"datePublished": "2019-04-15T16:57:27.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:51.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6974 (GCVE-0-2018-6974)
Vulnerability from cvelistv5 – Published: 2018-10-16 20:00 – Updated: 2024-09-16 19:46
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds read vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105660"
},
{
"name": "1041876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041876"
},
{
"name": "1041875",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041875"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201810101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201808401-BG"
},
{
"status": "affected",
"version": "6.0 before ESXi600-201808401-BG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.3"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.3"
}
]
}
],
"datePublic": "2018-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "105660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105660"
},
{
"name": "1041876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041876"
},
{
"name": "1041875",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041875"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0026.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-6974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201810101-SG"
},
{
"version_value": "6.5 before ESXi650-201808401-BG"
},
{
"version_value": "6.0 before ESXi600-201808401-BG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.3"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105660"
},
{
"name": "1041876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041876"
},
{
"name": "1041875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041875"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0026.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0026.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6974",
"datePublished": "2018-10-16T20:00:00.000Z",
"dateReserved": "2018-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:18.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6977 (GCVE-0-2018-6977)
Vulnerability from cvelistv5 – Published: 2018-10-09 20:00 – Updated: 2024-09-16 20:26
VLAI?
Summary
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105549"
},
{
"name": "1041821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
},
{
"name": "1041822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7, 6.5, 6.0"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x and 14.x"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x and 10.x"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "105549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105549"
},
{
"name": "1041821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
},
{
"name": "1041822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-6977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7, 6.5, 6.0"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "15.x and 14.x"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "11.x and 10.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105549"
},
{
"name": "1041821",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041821"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
},
{
"name": "1041822",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6977",
"datePublished": "2018-10-09T20:00:00.000Z",
"dateReserved": "2018-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6973 (GCVE-0-2018-6973)
Vulnerability from cvelistv5 – Published: 2018-08-15 12:00 – Updated: 2024-09-17 02:41
VLAI?
Summary
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds write vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
14.x before 14.1.3
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041491",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
},
{
"name": "105094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.3"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.3"
}
]
}
],
"datePublic": "2018-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1041491",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
},
{
"name": "105094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-08-14T00:00:00",
"ID": "CVE-2018-6973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.3"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041491",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041491"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
},
{
"name": "105094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6973",
"datePublished": "2018-08-15T12:00:00.000Z",
"dateReserved": "2018-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:41:38.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6972 (GCVE-0-2018-6972)
Vulnerability from cvelistv5 – Published: 2018-07-25 13:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Severity ?
No CVSS data available.
CWE
- Denial-of-service vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104884"
},
{
"name": "1041356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041356"
},
{
"name": "1041357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041357"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 before ESXi670-201806401-BG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-201806401-BG"
},
{
"status": "affected",
"version": "6.0 before ESXi600-201806401-BG"
},
{
"status": "affected",
"version": "5.5 before ESXi550-201806401-BG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.2"
}
]
}
],
"datePublic": "2018-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "104884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104884"
},
{
"name": "1041356",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041356"
},
{
"name": "1041357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041357"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-6972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 before ESXi670-201806401-BG"
},
{
"version_value": "6.5 before ESXi650-201806401-BG"
},
{
"version_value": "6.0 before ESXi600-201806401-BG"
},
{
"version_value": "5.5 before ESXi550-201806401-BG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104884"
},
{
"name": "1041356",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041356"
},
{
"name": "1041357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041357"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6972",
"datePublished": "2018-07-25T13:00:00.000Z",
"dateReserved": "2018-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:29.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6963 (GCVE-0-2018-6963)
Vulnerability from cvelistv5 – Published: 2018-05-22 13:00 – Updated: 2024-09-16 16:53
VLAI?
Summary
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
Severity ?
No CVSS data available.
CWE
- Multiple Denial-of-service vulnerabilities
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Workstation |
Affected:
14.x before 14.1.2
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104237"
},
{
"name": "1040957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "14.x before 14.1.2"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "10.x before 10.1.2"
}
]
}
],
"datePublic": "2018-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Denial-of-service vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "104237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104237"
},
{
"name": "1040957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-6963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.2"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Denial-of-service vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104237"
},
{
"name": "1040957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040957"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6963",
"datePublished": "2018-05-22T13:00:00.000Z",
"dateReserved": "2018-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:07.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}