Security Vulnerabilities - CVEs Published In May 2024
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-14
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-14
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-14
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS Score
9.3
EPSS Score
0.001
Published
2024-05-14
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.
The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.
Below are reported vulnerabilities in the Robot Ware versions.
* IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07
* OmniCore- RobotWare 7 < 7.14
CVSS Score
6.5
EPSS Score
0.005
Published
2024-05-14
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.
The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.
Below are reported vulnerabilities in the Robot Ware versions.
* IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07
* OmniCore- RobotWare 7 < 7.14
CVSS Score
7.6
EPSS Score
0.005
Published
2024-05-14
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects:
SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-14
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-14
The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-05-14
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-14