Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for Workstation Pro / Player by VMware

    CVE-2017-4950 (GCVE-0-2017-4950)

    Vulnerability from cvelistv5 – Published: 2018-01-11 14:00 – Updated: 2024-09-17 02:47
    VLAI
    Summary
    VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
    Severity
    No CVSS data available.
    CWE
    • Integer-overflow vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040161 vdb-entryx_refsource_SECTRACK
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102490 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    VMware Workstation Pro / Player Affected: 14.x before 14.1.1
    Affected: 12.x before 12.5.9
    Create a notification for this product.
    VMware Fusion Affected: 10.x before 10.1.1
    Affected: 8.x before 8.5.10
    Create a notification for this product.
    Date Public
    2017-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:44.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040161"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
              },
              {
                "name": "102490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x before 14.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.x before 12.5.9"
                }
              ]
            },
            {
              "product": "Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.x before 10.1.1"
                },
                {
                  "status": "affected",
                  "version": "8.x before 8.5.10"
                }
              ]
            }
          ],
          "datePublic": "2017-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer-overflow vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-12T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "1040161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040161"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
            },
            {
              "name": "102490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-01-10T00:00:00",
              "ID": "CVE-2017-4950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x before 14.1.1"
                              },
                              {
                                "version_value": "12.x before 12.5.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.x before 10.1.1"
                              },
                              {
                                "version_value": "8.x before 8.5.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer-overflow vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040161",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040161"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
                },
                {
                  "name": "102490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4950",
        "datePublished": "2018-01-11T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:47:03.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4949 (GCVE-0-2017-4949)

    Vulnerability from cvelistv5 – Published: 2018-01-11 14:00 – Updated: 2024-09-16 22:46
    VLAI
    Summary
    VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
    Severity
    No CVSS data available.
    CWE
    • Use-after-free vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040161 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102489 vdb-entryx_refsource_BID
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VMware Workstation Pro / Player Affected: 14.x before 14.1.1
    Affected: 12.x before 12.5.9
    Create a notification for this product.
    VMware Fusion Affected: 10.x before 10.1.1
    Affected: 8.x before 8.5.10
    Create a notification for this product.
    Date Public
    2017-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:43.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040161"
              },
              {
                "name": "102489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102489"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x before 14.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.x before 12.5.9"
                }
              ]
            },
            {
              "product": "Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.x before 10.1.1"
                },
                {
                  "status": "affected",
                  "version": "8.x before 8.5.10"
                }
              ]
            }
          ],
          "datePublic": "2017-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-12T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "1040161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040161"
            },
            {
              "name": "102489",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102489"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-01-10T00:00:00",
              "ID": "CVE-2017-4949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x before 14.1.1"
                              },
                              {
                                "version_value": "12.x before 12.5.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.x before 10.1.1"
                              },
                              {
                                "version_value": "8.x before 8.5.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-after-free vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040161",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040161"
                },
                {
                  "name": "102489",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102489"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4949",
        "datePublished": "2018-01-11T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:45.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4904 (GCVE-0-2017-4904)

    Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution / DoS
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97165 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97165"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution / DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97165",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97165"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution / DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97165",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97165"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4904",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4903 (GCVE-0-2017-4903)

    Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
    Severity
    No CVSS data available.
    CWE
    • Uninitialized Stack Memory Usage
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97160 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97160",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97160"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uninitialized Stack Memory Usage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97160",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97160"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uninitialized Stack Memory Usage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97160",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97160"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4903",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4902 (GCVE-0-2017-4902)

    Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
    Severity
    No CVSS data available.
    CWE
    • Heap Buffer Overflow
    Assigner
    References
    URL Tags
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/97163 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "97163",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97163"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "97163",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97163"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "97163",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97163"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4902",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4905 (GCVE-0-2017-4905)

    Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
    Severity
    No CVSS data available.
    CWE
    • Information leak
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97164 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97164",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4905",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97164",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97164"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4905",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4950 (GCVE-0-2017-4950)

    Vulnerability from nvd – Published: 2018-01-11 14:00 – Updated: 2024-09-17 02:47
    VLAI
    Summary
    VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
    Severity
    No CVSS data available.
    CWE
    • Integer-overflow vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040161 vdb-entryx_refsource_SECTRACK
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102490 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    VMware Workstation Pro / Player Affected: 14.x before 14.1.1
    Affected: 12.x before 12.5.9
    Create a notification for this product.
    VMware Fusion Affected: 10.x before 10.1.1
    Affected: 8.x before 8.5.10
    Create a notification for this product.
    Date Public
    2017-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:44.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040161"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
              },
              {
                "name": "102490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x before 14.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.x before 12.5.9"
                }
              ]
            },
            {
              "product": "Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.x before 10.1.1"
                },
                {
                  "status": "affected",
                  "version": "8.x before 8.5.10"
                }
              ]
            }
          ],
          "datePublic": "2017-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer-overflow vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-12T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "1040161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040161"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
            },
            {
              "name": "102490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-01-10T00:00:00",
              "ID": "CVE-2017-4950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x before 14.1.1"
                              },
                              {
                                "version_value": "12.x before 12.5.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.x before 10.1.1"
                              },
                              {
                                "version_value": "8.x before 8.5.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer-overflow vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040161",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040161"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
                },
                {
                  "name": "102490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4950",
        "datePublished": "2018-01-11T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:47:03.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4949 (GCVE-0-2017-4949)

    Vulnerability from nvd – Published: 2018-01-11 14:00 – Updated: 2024-09-16 22:46
    VLAI
    Summary
    VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
    Severity
    No CVSS data available.
    CWE
    • Use-after-free vulnerability
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040161 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102489 vdb-entryx_refsource_BID
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VMware Workstation Pro / Player Affected: 14.x before 14.1.1
    Affected: 12.x before 12.5.9
    Create a notification for this product.
    VMware Fusion Affected: 10.x before 10.1.1
    Affected: 8.x before 8.5.10
    Create a notification for this product.
    Date Public
    2017-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:43.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040161"
              },
              {
                "name": "102489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102489"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.x before 14.1.1"
                },
                {
                  "status": "affected",
                  "version": "12.x before 12.5.9"
                }
              ]
            },
            {
              "product": "Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.x before 10.1.1"
                },
                {
                  "status": "affected",
                  "version": "8.x before 8.5.10"
                }
              ]
            }
          ],
          "datePublic": "2017-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-12T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "1040161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040161"
            },
            {
              "name": "102489",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102489"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-01-10T00:00:00",
              "ID": "CVE-2017-4949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.x before 14.1.1"
                              },
                              {
                                "version_value": "12.x before 12.5.9"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.x before 10.1.1"
                              },
                              {
                                "version_value": "8.x before 8.5.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-after-free vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040161",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040161"
                },
                {
                  "name": "102489",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102489"
                },
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4949",
        "datePublished": "2018-01-11T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:45.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4905 (GCVE-0-2017-4905)

    Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
    Severity
    No CVSS data available.
    CWE
    • Information leak
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97164 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97164",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4905",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97164",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97164"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4905",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4904 (GCVE-0-2017-4904)

    Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution / DoS
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97165 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97165"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution / DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97165",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97165"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution / DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97165",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97165"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4904",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4903 (GCVE-0-2017-4903)

    Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
    Severity
    No CVSS data available.
    CWE
    • Uninitialized Stack Memory Usage
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97160 vdb-entryx_refsource_BID
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 6.0 U3 without patch ESXi600-201703401-SG
    Affected: 6.0 U2 without patch ESXi600-201703403-SG
    Affected: 6.0 U1 without patch ESXi600-201703402-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97160",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97160"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U3 without patch ESXi600-201703401-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U2 without patch ESXi600-201703403-SG"
                },
                {
                  "status": "affected",
                  "version": "6.0 U1 without patch ESXi600-201703402-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uninitialized Stack Memory Usage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "97160",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97160"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "6.0 U3 without patch ESXi600-201703401-SG"
                              },
                              {
                                "version_value": "6.0 U2 without patch ESXi600-201703403-SG"
                              },
                              {
                                "version_value": "6.0 U1 without patch ESXi600-201703402-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uninitialized Stack Memory Usage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97160",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97160"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4903",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4902 (GCVE-0-2017-4902)

    Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
    Severity
    No CVSS data available.
    CWE
    • Heap Buffer Overflow
    Assigner
    References
    URL Tags
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038148 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/97163 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038149 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    VMware ESXi Affected: 6.5 without patch ESXi650-201703410-SG
    Affected: 5.5 without patch ESXi550-201703401-SG
    Create a notification for this product.
    VMware Workstation Pro / Player Affected: 12.x prior to 12.5.5
    Create a notification for this product.
    VMware Fusion Pro / Fusion Affected: 8.x prior to 8.5.6
    Create a notification for this product.
    Date Public
    2017-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
              },
              {
                "name": "1038148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038148"
              },
              {
                "name": "97163",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97163"
              },
              {
                "name": "1038149",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 without patch ESXi650-201703410-SG"
                },
                {
                  "status": "affected",
                  "version": "5.5 without patch ESXi550-201703401-SG"
                }
              ]
            },
            {
              "product": "Workstation Pro / Player",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.x prior to 12.5.5"
                }
              ]
            },
            {
              "product": "Fusion Pro / Fusion",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.x prior to 8.5.6"
                }
              ]
            }
          ],
          "datePublic": "2017-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
            },
            {
              "name": "1038148",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038148"
            },
            {
              "name": "97163",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97163"
            },
            {
              "name": "1038149",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 without patch ESXi650-201703410-SG"
                              },
                              {
                                "version_value": "5.5 without patch ESXi550-201703401-SG"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Workstation Pro / Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.x prior to 12.5.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fusion Pro / Fusion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.x prior to 8.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
                },
                {
                  "name": "1038148",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038148"
                },
                {
                  "name": "97163",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97163"
                },
                {
                  "name": "1038149",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4902",
        "datePublished": "2017-06-07T18:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }