Search criteria
10 vulnerabilities found for fusion_pro by vmware
CVE-2017-4905 (GCVE-0-2017-4905)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Severity ?
No CVSS data available.
CWE
- Information leak
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97164"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4905",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4904 (GCVE-0-2017-4904)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution / DoS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution / DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution / DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97165"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4904",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4903 (GCVE-0-2017-4903)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Uninitialized Stack Memory Usage
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uninitialized Stack Memory Usage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Stack Memory Usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97160"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4903",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4902 (GCVE-0-2017-4902)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Heap Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4902",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7461 (GCVE-0-2016-7461)
Vulnerability from nvd – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI?
Summary
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94280"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7461",
"datePublished": "2016-12-29T09:02:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4905 (GCVE-0-2017-4905)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Severity ?
No CVSS data available.
CWE
- Information leak
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97164"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4905",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4903 (GCVE-0-2017-4903)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Uninitialized Stack Memory Usage
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uninitialized Stack Memory Usage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Stack Memory Usage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97160"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4903",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4902 (GCVE-0-2017-4902)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Severity ?
No CVSS data available.
CWE
- Heap Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "97163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97163"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4902",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4904 (GCVE-0-2017-4904)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution / DoS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
6.5 without patch ESXi650-201703410-SG
Affected: 6.0 U3 without patch ESXi600-201703401-SG Affected: 6.0 U2 without patch ESXi600-201703403-SG Affected: 6.0 U1 without patch ESXi600-201703402-SG Affected: 5.5 without patch ESXi550-201703401-SG |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201703410-SG"
},
{
"status": "affected",
"version": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"status": "affected",
"version": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"status": "affected",
"version": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201703401-SG"
}
]
},
{
"product": "Workstation Pro / Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.5"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.6"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution / DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "97165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 without patch ESXi650-201703410-SG"
},
{
"version_value": "6.0 U3 without patch ESXi600-201703401-SG"
},
{
"version_value": "6.0 U2 without patch ESXi600-201703403-SG"
},
{
"version_value": "6.0 U1 without patch ESXi600-201703402-SG"
},
{
"version_value": "5.5 without patch ESXi550-201703401-SG"
}
]
}
},
{
"product_name": "Workstation Pro / Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.5"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution / DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97165"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
},
{
"name": "1038148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"name": "1038149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4904",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7461 (GCVE-0-2016-7461)
Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 01:57
VLAI?
Summary
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "94280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94280"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94280"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"
},
{
"name": "1037282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7461",
"datePublished": "2016-12-29T09:02:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}