CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5333
https://notcve.org/view.php?id=CVE-2016-5333
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. VMware Photos OS OVA 1.0 en versiones anteriores a 2016-08-14 tiene una clave pública SSH por defecto en un archivo authorized_keys, lo que permite a atacantes remotos obtener acceso SSH aprovechando el conocimiento de la clave privada. • http://www.securityfocus.com/bid/92474 http://www.securitytracker.com/id/1036628 http://www.theregister.co.uk/2016/08/16/vmware_shipped_public_key_with_its_photon_osforcontainers http://www.vmware.com/security/advisories/VMSA-2016-0012.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2016-5336
https://notcve.org/view.php?id=CVE-2016-5336
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. VMware vRealize Automation 7.0.x en versiones anteriores a 7.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/92607 http://www.securitytracker.com/id/1036685 http://www.vmware.com/security/advisories/VMSA-2016-0013.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5335
https://notcve.org/view.php?id=CVE-2016-5335
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. • http://www.securityfocus.com/bid/92608 http://www.securitytracker.com/id/1036685 http://www.vmware.com/security/advisories/VMSA-2016-0013.html •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5332
https://notcve.org/view.php?id=CVE-2016-5332
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92448 http://www.securitytracker.com/id/1036619 http://www.vmware.com/security/advisories/VMSA-2016-0011.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 2CVE-2016-5330 – VMware Host Guest Client Redirector - DLL Side Loading
https://notcve.org/view.php?id=CVE-2016-5330
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 hasta la versión 6.0, VMware Workstation Pro 12.1.x en versiones anteriores a 12.1.1, VMware Workstation Player 12.1.x en versiones anteriores a 12.1.1 y VMware Fusion 8.1.x en versiones anteriores a 8.1.1 permite a usuarios locales obtener privilegios a través de una libreria troyanizada o fichero DLL troyanizado en el directorio de trabajo actual • https://www.exploit-db.com/exploits/41711 http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload http://www.securityfocus.com/archive/1/539131/100/0/threaded http://www.securityfocus.com/bid/92323 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.securitytracker.com/id/1036619 http://www.vmware.com/security/advisories/VMSA-2016-0010.html https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_ • CWE-426: Untrusted Search Path •