We have one vendor disclosure from VMware. There is also an
exploit report for products from Ruckus Wireless.
VMware published an advisory
describing two vulnerabilities in their VMware ESXi, Workstation and Fusion.
The vulnerabilities were reported by Xiao Wei and Tianwen Tang (VictorV) of
Qihoo 360 Vulcan Team. VMware has new versions that mitigate the
vulnerabilities. There is no indication that the researchers have been provided
an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Use-after-free – CVE-2020-4004,
• Elevation of privilege – CVE-2020-4005
NOTE: These vulnerabilities were discovered as part of the 2020
Tianfu Cup Pwn Contest.