The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Base Score: 7.2
Impact Score: 10
Exploitability Score: 3.9
Base Score: 8.8
Impact Score: 6
Exploitability Score: 2
|99131||ESXi 6.5 < Build 5224529 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)||Nessus||Misc.|
|99130||ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)||Nessus||Misc.|
|99105||VMware Workstation 12.x < 12.5.5 Multiple Vulnerabilities (VMSA-2017-0006)||Nessus||Windows|
|99104||VMware Workstation 12.x < 12.5.5 Multiple Vulnerabilities (VMSA-2017-0006) (Linux)||Nessus||General|
|99103||VMware Fusion 8.x < 8.5.6 Multiple Vulnerabilities (VMSA-2017-0006) (macOS)||Nessus||MacOS X Local Security Checks|
|99102||VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues||Nessus||VMware ESX Local Security Checks|