CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2008-4916
https://notcve.org/view.php?id=CVE-2008-4916
06 Apr 2009 — Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (ho... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html •
CVSS: 6.3EPSS: 0%CPEs: 22EXPL: 0CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
25 Mar 2009 — nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petición de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 • CWE-16: Configuration •
CVSS: 7.5EPSS: 2%CPEs: 358EXPL: 1CVE-2009-0778 – kernel: rt_cache leak leads to lack of network connectivity
https://notcve.org/view.php?id=CVE-2009-0778
12 Mar 2009 — The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4281
https://notcve.org/view.php?id=CVE-2008-4281
10 Nov 2008 — Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. Vulnerabilidad de salto de directorio en VMWare ESXi 3.5 anterior a ESXe350-200810401-O-UG y ESX 3.5 anterior a ESX350-200810201-UG; permite a los administradores con el privilegio Datastore.FileManagement, ganar privilegios a través de vectores desconocidos. • http://lists.vmware.com/pipermail/security-announce/2008/000042.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
05 Jun 2008 — Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 •
CVSS: 10.0EPSS: 14%CPEs: 16EXPL: 0CVE-2007-0061
https://notcve.org/view.php?id=CVE-2007-0061
21 Sep 2007 — The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." El servidor DHCP en EMC VMware Workstation anterior a 5.5.5 construcción 56455 y 6.x anterior a 6.0.1 construcción 55017, Player... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 16EXPL: 0CVE-2007-0063
https://notcve.org/view.php?id=CVE-2007-0063
21 Sep 2007 — Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. Desbordamiento inferior de entero en el servidor DHCP de EMC VMware Workstation anterior a 5.5.... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.6EPSS: 5%CPEs: 7EXPL: 1CVE-2006-2481 – VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2481
31 Jul 2006 — VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). VMware ESX Server 2.0.x versiones anteriores a 2.0.2 y 2.x versiones anteriores a 2.5.2 patch 4 almacena credenciales de autenticación en formato de codificación base 64 en las cookies vmware.mui.kid y vmware.... • https://www.exploit-db.com/exploits/28312 • CWE-255: Credentials Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2006-3589
https://notcve.org/view.php?id=CVE-2006-3589
19 Jul 2006 — vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. vmware-config.pl en VMware for Linux, ESX Server 2.x, y Infrastructure 3 no valida el código de retorno desde la llamada a la función Perl chmod, lo cual podría permitir un fichero llave SSL sea creado con una umask no segura que permite a usuarios ... • http://kb.vmware.com/kb/2467205 •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2005-3618
https://notcve.org/view.php?id=CVE-2005-3618
31 Dec 2005 — Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks. • http://kb.vmware.com/kb/2118366 •