CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-1208
https://notcve.org/view.php?id=CVE-2014-1208
VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. VMware Workstation 9.x anteriores a 9.0.1, WMware Player 5.x anteriores a 5.0.1, VMware Fusion 5.x anteriores a 5.0.1, VMware ESXi 4.0 hasta 5.1, y WMware ESX 4.0 y 4.1 permite a usuarios invitado del sistema causar una denegación de servicio (ruptura de proceso VMX) utilizando un puerto inválido. • http://osvdb.org/102197 http://secunia.com/advisories/56499 http://www.securityfocus.com/bid/64994 http://www.securitytracker.com/id/1029643 http://www.securitytracker.com/id/1029644 http://www.vmware.com/security/advisories/VMSA-2014-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/90558 •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2013-5973
https://notcve.org/view.php?id=CVE-2013-5973
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. VMware ESXi 4.0 a 5.5 y ESX 4.0 y 4.1 permiten a usuarios locales leer o modificar ficheros arbitrarios mediante el aprovechamiento de los roles Virtual Machine Power User o Resource Pool Administrator para una acción Add Existing Disk en vCenter con nombres de fichero (1) -flat, (2) -rdm o (3) -rdmp. • http://jvn.jp/en/jp/JVN13154935/index.html http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html http://osvdb.org/101387 http://www.securityfocus.com/archive/1/530482/100/0/threaded http://www.securityfocus.com/bid/64491 http://www.securitytracker.com/id/1029529 http://www.vmware.com/security/advisories/VMSA-2013-0016.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89938 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3519
https://notcve.org/view.php?id=CVE-2013-3519
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. Igtosync.sys en VMware Workstation 9.x anteriores a 9.0.3 y VMware Player 5.x anteriores a 5.0.3, VMware Fusion 5.x anteriores a 5.0.4, VMware ESXi 4.0 hasta 5.1, y VMware ESX 4.0 y 4.1, cuando se utiliza un Windows 32-bit invitado, permite a usuarios de los sistemas operativos invitados ganar privilegios del sistema operativo invitado a través de una aplicación que ejecuta una reserva de memoria manipulada. • http://www.vmware.com/security/advisories/VMSA-2013-0014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 5%CPEs: 5EXPL: 0CVE-2013-5970
https://notcve.org/view.php?id=CVE-2013-5970
hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. hostd-vmdb en VMware ESXi 4.0 hasta la versión 5.0 y ESX 4.0 hasta la versión 4.1 permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio hostd-vmdb) mediante la modificación de la gestión de tráfico. • http://osvdb.org/98719 http://www.securityfocus.com/bid/63216 http://www.securitytracker.com/id/1029206 http://www.vmware.com/security/advisories/VMSA-2013-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/88135 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 11EXPL: 0CVE-2013-3657
https://notcve.org/view.php?id=CVE-2013-3657
Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Desbordamiento de búfer en VMware ESXi 4.0 hasta 5.0, y ESX 4.0 y 4.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de vectores no especificados. • http://jvn.jp/en/jp/JVN19847770/995428/index.html http://jvn.jp/en/jp/JVN19847770/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •