CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2013-5973
https://notcve.org/view.php?id=CVE-2013-5973
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. VMware ESXi 4.0 a 5.5 y ESX 4.0 y 4.1 permiten a usuarios locales leer o modificar ficheros arbitrarios mediante el aprovechamiento de los roles Virtual Machine Power User o Resource Pool Administrator para una acción Add Existing Disk en vCenter con nombres de fichero (1) -flat, (2) -rdm o (3) -rdmp. • http://jvn.jp/en/jp/JVN13154935/index.html http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html http://osvdb.org/101387 http://www.securityfocus.com/archive/1/530482/100/0/threaded http://www.securityfocus.com/bid/64491 http://www.securitytracker.com/id/1029529 http://www.vmware.com/security/advisories/VMSA-2013-0016.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89938 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3519
https://notcve.org/view.php?id=CVE-2013-3519
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. Igtosync.sys en VMware Workstation 9.x anteriores a 9.0.3 y VMware Player 5.x anteriores a 5.0.3, VMware Fusion 5.x anteriores a 5.0.4, VMware ESXi 4.0 hasta 5.1, y VMware ESX 4.0 y 4.1, cuando se utiliza un Windows 32-bit invitado, permite a usuarios de los sistemas operativos invitados ganar privilegios del sistema operativo invitado a través de una aplicación que ejecuta una reserva de memoria manipulada. • http://www.vmware.com/security/advisories/VMSA-2013-0014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5972
https://notcve.org/view.php?id=CVE-2013-5972
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. VMware Workstation 9.x antes de 9.0.3 y VMware Player 5.x antes 5.0.3 en Linux no manejan correctamente biblioteca compartida, que permite a los usuarios de host del sistema operativo para obtener privilegios del sistema operativo a través de vectores no especificados. • http://www.vmware.com/security/advisories/VMSA-2013-0013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-6366 – VMware Hyperic HQ Groovy Script-Console - Java Execution
https://notcve.org/view.php?id=CVE-2013-6366
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. La consola de script en VMware Hyperic HQ 4.6.6 permite a los administradores remotos autenticados ejecutar código arbitrario a través de una llamada a Runtime.getRuntime ().exe • https://www.exploit-db.com/exploits/28962 http://www.exploit-db.com/exploits/28962 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-5971
https://notcve.org/view.php?id=CVE-2013-5971
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. Vulnerabilidad de fijación de sesión en el vSphere Web Client Server de VMware vCenter Server 5.0 anterior a Update 3 permite a atacantes remotos secuestrar sesiones web y obtener privilegios a través de vectores sin especificar. • http://osvdb.org/98718 http://www.securityfocus.com/bid/63218 http://www.vmware.com/security/advisories/VMSA-2013-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/88134 • CWE-264: Permissions, Privileges, and Access Controls •