CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4200 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4200
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la extracción de ficheros de este archivo. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securityfocus.com/bid/69410 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95494 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4199 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4199
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.osvdb.org/110458 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.9EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View anteriores a v5.1, y VMware ESX v4.1 anteriores a vU3 y v5.0 anteriores a vP03, permite a usuario locales obtener privilegios a través de un fichero tpfc.dll troyanizado en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/37780 http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity •
CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2011-1126
https://notcve.org/view.php?id=CVE-2011-1126
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. VMware vmrun,como se utiliza en VIX API v1.x antes de v1.10.3 y VMware Workstation v6.5.x antes de v7.1.4 y v7.x compilación 385536 en Linux podría permitir a usuarios locales conseguir privilegios a través de un caballo de Troya en una librería compartida en un directorio especificado. • http://lists.vmware.com/pipermail/security-announce/2011/000131.html http://secunia.com/advisories/43885 http://secunia.com/advisories/43943 http://securityreason.com/securityalert/8173 http://securitytracker.com/id?1025270 http://www.securityfocus.com/archive/1/517240/100/0/threaded http://www.securityfocus.com/bid/47094 http://www.vmware.com/security/advisories/VMSA-2011-0006.html http://www.vupen.com/english/advisories/2011/0816 https://exchange.xforce.ibmcloud.com/vulnerabilities/664 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funcionalidad actualizar de VMware Tools en VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548; VMware Player 2.5.x anteriores a la 2.5.5 build 328052 y 3.1.x anteriores a la 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x anteriores a la 2.0.8 build 328035 y 3.1.x anteriores a la 3.1.2 build 332101; VMware ESXi 3.5, 4.0, y 4.1; y VMware ESX 3.0.3, 3.5, 4.0, y 4.1 permite a los usuarios del SO base escalar privilegios en el SO invitado a través de vectores sin especificar. Relacionado con inyecciones de comandos. • https://www.exploit-db.com/exploits/15717 http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69590 http://secunia.com/advisories/42480 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45166 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/ • CWE-20: Improper Input Validation •