CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-3282 – VMware Fusion 2.0.5 vmx86 kext Denial Of Service
https://notcve.org/view.php?id=CVE-2009-3282
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. Desbordamiento de enteros en la extensión del núcleo vmx86 en VMware Fusion v2.0.6 anterior a build 196839 permite a los usuarios del sistema operativo anfitrión causar una denegación de servicio al sistema operativo anfitrión a través de vectores no especificados. • http://lists.vmware.com/pipermail/security-announce/2009/000066.html http://secunia.com/advisories/36928 http://securitytracker.com/id?1022981 http://www.vmware.com/security/advisories/VMSA-2009-0013.html http://www.vupen.com/english/advisories/2009/2811 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 13%CPEs: 12EXPL: 0CVE-2009-0199
https://notcve.org/view.php?id=CVE-2009-0199
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters). Desbordamiento de búfer basado en memoria dinámica (heap) en el VMnc media codec en VMware Movie Decoder anteriores a v6.5.3 build 185404, VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, y VMware ACE v2.5.x anteriores a v2.5.3 build 185404 para Windows podría permitir a atacantes remotos ejecutar código de su elección mediante un fichero de video con una dimensión modificada (también conocido como parámetros framebuffer). • http://lists.vmware.com/pipermail/security-announce/2009/000065.html http://secunia.com/advisories/34938 http://secunia.com/secunia_research/2009-25 http://www.securityfocus.com/archive/1/506286/100/0/threaded http://www.securityfocus.com/bid/36290 http://www.vmware.com/security/advisories/VMSA-2009-0012.html http://www.vupen.com/english/advisories/2009/2553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 11EXPL: 0CVE-2009-2628
https://notcve.org/view.php?id=CVE-2009-2628
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. El codec multimedia VMnc en vmnc.dll en VMware Movie Decoder anterior a v6.5.3 build 185404, VMware Workstation v6.5.x anterior a v6.5.3 build 185404, VMware Player v2.5.x anterior a v2.5.3 build 185404 y VMware ACE v2.5.x anterior a v2.5.3 build 185404 sobre Windows, no maneja adecuadamente determinados tamaños de altura en el contenido de video, lo que podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo AVI manipulado que provocaría un corrupción de memoria. • http://lists.vmware.com/pipermail/security-announce/2009/000065.html http://secunia.com/advisories/34938 http://www.kb.cert.org/vuls/id/444513 http://www.securityfocus.com/archive/1/506286/100/0/threaded http://www.securityfocus.com/bid/36290 http://www.vmware.com/security/advisories/VMSA-2009-0012.html http://www.vupen.com/english/advisories/2009/2553 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2968
https://notcve.org/view.php?id=CVE-2009-2968
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. Vulnerabilidad de salto de directorio en un componente de apoyo en la interfaz web en VMware Studio 2.0 public beta en versiones anteriores a la build 1017-185256 permite a atacantes remotos subir ficheros a ubicaciones de su elección mediante vectores no especificados. • http://lists.vmware.com/pipermail/security-announce/2009/000064.html http://www.securityfocus.com/archive/1/506191/100/0/threaded http://www.securityfocus.com/bid/36199 http://www.vmware.com/security/advisories/VMSA-2009-0011.html http://www.vmware.com/support/developer/studio/studio20/release_notes.html http://www.vupen.com/english/advisories/2009/2501 https://exchange.xforce.ibmcloud.com/vulnerabilities/52976 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 5CVE-2009-2698 – Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2698
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. La función udp_sendmsg en la implementación UDP en los archivos (1) net/ipv4/udp.c y (2) net/ipv6/udp.c en el kernel de Linux anterior a versión 2.6.19, permite a los usuarios locales obtener privilegios o causar una denegación de servicio (Desreferencia de puntero NULL y bloqueo de sistema) por medio de vectores que involucran el flag MSG_MORE y un socket UDP. • https://www.exploit-db.com/exploits/9575 https://www.exploit-db.com/exploits/9574 https://www.exploit-db.com/exploits/9542 https://github.com/xiaoxiaoleo/CVE-2009-2698 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://rhn.redhat.com/errata/RHSA-2009-1222.html http://rhn.redhat.com/errata/RHSA-2009-1223.html http://secunia.com&# • CWE-476: NULL Pointer Dereference •