admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from VMware for VMSA-2017-0021 from 2017-12-20.

Browse Source
This commit is contained in:
CVE Team 2017-12-20 09:06:30 -05:00
parent c5e75047f0
commit 038a08cde6
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
4 changed files with 233 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
2017/4xxx/CVE-2017-4933.json
View File

@ -1,8 +1,52 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-4933",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESXi",
"version" : {
"version_data" : [
{
"version_value" : "6.5 before ESXi650-201710401-BG"
}
]
}
},
{
"product_name" : "Workstation",
"version" : {
"version_data" : [
{
"version_value" : "12.x before 12.5.8"
}
]
}
},
{
"product_name" : "Fusion",
"version" : {
"version_data" : [
{
"version_value" : "8.x before 8.5.9"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +55,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap overflow via authenticated VNC session"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
}
]
}

55
2017/4xxx/CVE-2017-4940.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-4940",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESXi",
"version" : {
"version_data" : [
{
"version_value" : "6.5 before ESXi650-201712103-SG"
},
{
"version_value" : "6.0 before ESXi600-201711103-SG"
},
{
"version_value" : "5.5 before ESXi550-201709102-SG)"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored cross-site scripting vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
}
]
}

72
2017/4xxx/CVE-2017-4941.json
View File

@ -1,8 +1,55 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-4941",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESXi",
"version" : {
"version_data" : [
{
"version_value" : "6.0 before ESXi600-201711101-SG"
},
{
"version_value" : "5.5 ESXi550-201709101-SG"
}
]
}
},
{
"product_name" : "Workstation",
"version" : {
"version_data" : [
{
"version_value" : "12.x before 12.5.8"
}
]
}
},
{
"product_name" : "Fusion",
"version" : {
"version_data" : [
{
"version_value" : "8.x before 8.5.9"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +58,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack overflow via authenticated VNC session"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
}
]
}

49
2017/4xxx/CVE-2017-4943.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-4943",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "vCenter Server Appliance (vCSA)",
"version" : {
"version_data" : [
{
"version_value" : "6.5 before 6.5 U1d"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
}
]
}