CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 138CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 2CVE-2014-4199 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4199
26 Aug 2014 — vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when d... • https://packetstorm.news/files/id/128006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2014-4200 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4200
26 Aug 2014 — vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la extracción de ficheros de este... • https://packetstorm.news/files/id/128006 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. Multiple sec... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3793 – VMware Security Advisory 2014-0005
https://notcve.org/view.php?id=CVE-2014-3793
31 May 2014 — VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando ... • http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2384 – VMware Workstation / Player Invalid Pointer Dereference
https://notcve.org/view.php?id=CVE-2014-2384
12 Apr 2014 — vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." vmx86.sys en VMware Workstation 10.0.1 build 1379776 y VMware Player 6.0.1 build 1379776 en Windows podría permitir a usuarios locales causar una denegación de servicio (violación de lectura de acceso y caíd... • http://seclists.org/fulldisclosure/2014/Apr/163 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-1208 – VMware Security Advisory 2014-0001
https://notcve.org/view.php?id=CVE-2014-1208
17 Jan 2014 — VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. VMware Workstation 9.x anteriores a 9.0.1, WMware Player 5.x anteriores a 5.0.1, VMware Fusion 5.x anteriores a 5.0.1, VMware ESXi 4.0 hasta 5.1, y WMware ESX 4.0 y 4.1 permite a usuarios invitado del sistema causar una denegación de servicio (ruptura de... • http://osvdb.org/102197 •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3519 – VMware Security Advisory 2013-0014
https://notcve.org/view.php?id=CVE-2013-3519
04 Dec 2013 — lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. Igtosync.sys en VMware Workstation 9.x anteriores a 9.0.3 y VMware Player 5.x anteriores a 5.0.3, VMware Fusion 5.x anteriores a 5.0.4, VMware ESXi 4.0 hasta 5.1, y VMware ESX 4.0 y 4.1,... • http://www.vmware.com/security/advisories/VMSA-2013-0014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5972 – VMware Security Advisory 2013-0013
https://notcve.org/view.php?id=CVE-2013-5972
14 Nov 2013 — VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. VMware Workstation 9.x antes de 9.0.3 y VMware Player 5.x antes 5.0.3 en Linux no manejan correctamente biblioteca compartida, que permite a los usuarios de host del sistema operativo para obtener privilegios del sistema operativo a través de vectores no especificados. VMware has updated VMware Workstation and ... • http://www.vmware.com/security/advisories/VMSA-2013-0013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 5%CPEs: 23EXPL: 3CVE-2013-1662 – VMWare Setuid vmware-mount Unsafe popen(3)
https://notcve.org/view.php?id=CVE-2013-1662
23 Aug 2013 — vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. vmware-mount en VMware Workstation v8.x y v9.x y VMware Player v4.x y v5.x, en sistemas basados en Debian GNU/Linux, permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host manipulando la r... • https://packetstorm.news/files/id/123002 • CWE-264: Permissions, Privileges, and Access Controls •