CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2016-5328 – VMware Security Advisory 2016-0017
https://notcve.org/view.php?id=CVE-2016-5328
26 Oct 2016 — VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. VMware Tools 9.x y 10.x en versiones anteriores a 10.1.0 en OS X, cuando System Integrity Protection (SIP) está habilitado, permite a usuarios locales determinar las direcciones de memoria del kernel y eludir el mecanismo de protección kASLR a través de vectores no especific... • http://www.securityfocus.com/bid/93886 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5329 – VMware Security Advisory 2016-0017
https://notcve.org/view.php?id=CVE-2016-5329
26 Oct 2016 — VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. VMware Fusion 8.x en versiones anteriores a 8.5 en OS X, cuando System Integrity Protection (SIP) está habilitado, permite a usuarios locales determinar las direcciones de memoria del kernel y eludir el mecanismo de protección kASLR a través de vectores no especificados. VMware ... • http://www.securityfocus.com/bid/93888 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 2%CPEs: 13EXPL: 0CVE-2016-7087 – VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-7087
07 Oct 2016 — Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no e... • http://www.securityfocus.com/bid/93455 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5332 – VMware Security Advisory 2016-0011
https://notcve.org/view.php?id=CVE-2016-5332
12 Aug 2016 — Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead ... • http://www.securityfocus.com/bid/92448 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4624 – EMC Avamar Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4624
24 Oct 2014 — EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) 6.x y 7.0.x hasta 7.0.2-43 no requieren autenticación para llamadas a la API Java, lo que permite a atacantes remotos descubrir las contraseñas de grid MCUser y GSAN a través de una llamada manipulada. EMC Avamar serve... • http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2014-0225 – Framework: Information disclosure via SSRF
https://notcve.org/view.php?id=CVE-2014-0225
02 Oct 2014 — When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declarac... • https://pivotal.io/security/cve-2014-0225 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3796 – VMware Security Advisory 2014-0009
https://notcve.org/view.php?id=CVE-2014-3796
12 Sep 2014 — VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. VMware NSX 6.0 anterior a 6.0.6, y vCloud Networking and Security (vCNS) 5.1 anterior a 5.1.4.2 y 5.5 anterior a 5.5.3, no valida debidamente las entradas, lo que permite a atacantes obtener información sensible a través de vectores no especificados. VMware NSX and... • http://secunia.com/advisories/59938 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 2CVE-2014-4199 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4199
26 Aug 2014 — vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. vm-support version 0.88 suffers from file overwrite and sensiti... • https://packetstorm.news/files/id/128006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2014-4200 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4200
26 Aug 2014 — vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la ex... • https://packetstorm.news/files/id/128006 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 3%CPEs: 26EXPL: 2CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
30 Sep 2010 — The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo q... • https://www.exploit-db.com/exploits/15155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •