5.3

CVE-2018-6957

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareWorkstation Pro Version >= 14.0 < 14.1.1
VMwareWorkstation Pro Version12.0
VMwareWorkstation Pro Version12.1
VMwareWorkstation Pro Version12.01
VMwareWorkstation Pro Version12.1.1
VMwareWorkstation Pro Version12.5
VMwareWorkstation Pro Version12.5.1
VMwareWorkstation Pro Version12.5.2
VMwareWorkstation Pro Version12.5.3
VMwareWorkstation Pro Version12.5.4
VMwareWorkstation Pro Version12.5.5
VMwareWorkstation Pro Version12.5.6
VMwareWorkstation Pro Version12.5.7
VMwareWorkstation Player Version >= 14.0 < 14.1.1
VMwareWorkstation Player Version12.0
VMwareWorkstation Player Version12.0.1
VMwareWorkstation Player Version12.1
VMwareWorkstation Player Version12.1.1
VMwareWorkstation Player Version12.5
VMwareWorkstation Player Version12.5.1
VMwareWorkstation Player Version12.5.2
VMwareWorkstation Player Version12.5.3
VMwareWorkstation Player Version12.5.4
VMwareWorkstation Player Version12.5.5
VMwareWorkstation Player Version12.5.6
VMwareWorkstation Player Version12.5.7
VMwareFusion Version8.0
VMwareFusion Version8.0.1
VMwareFusion Version8.0.2
VMwareFusion Version8.1
VMwareFusion Version8.1.1
VMwareFusion Version8.5
VMwareFusion Version8.5.1
VMwareFusion Version8.5.2
VMwareFusion Version8.5.3
VMwareFusion Version8.5.4
VMwareFusion Version8.5.5
VMwareFusion Version8.5.6
VMwareFusion Version8.5.7
VMwareFusion Version8.5.8
VMwareFusion Version >= 10.0 < 10.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.65% 0.735
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/103431
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040539
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2018-0008.html
Vendor Advisory