Page 2 of 16 results (0.008 seconds)

CVSS: 5.0EPSS: 4%CPEs: 24EXPL: 3

CVE-2009-4811

https://notcve.org/view.php?id=CVE-2009-4811

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. VMware Authentication Daemon 1.0 en vmware-authd.exe en VMware Authorization Service en VMware Workstation 7.0 en versiones anteriores a la 7.0.1 build 227600 y 6.5.x en versiones anteriores a la 6.5.4 build 246459, VMware Player 3.0 en versiones anteriores a la 3.0.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459, VMware ACE 2.6 en versiones anteriores a la 2.6.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459 y VMware Server 2.x permiten a atacantes remotos provocar una denegación de servicio (caída del proceso) mediante una secuencia \x25\x90 en los comandos USER y PASS, un problema relacionado con CVE-2009-3707. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://freetexthost.com/qr1tffkzpu http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/36630 http://www.vmware.com/security/advisories/VMSA-2010-0007.html • CWE-134: Use of Externally-Controlled Format String •

CVSS: 9.3EPSS: 24%CPEs: 14EXPL: 0

CVE-2009-1564

https://notcve.org/view.php?id=CVE-2009-1564

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. Desbordamiento de búfer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5.4 build 246459 en Windows, y el descodificador de cine en VMware Workstation v6.5.x anterior a v6.5.4 build 246459, VMware Player v2.5.x anterior a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar código a su elección mediante un archivo AVI con trozos de vídeo manipulados que utilizan la codificación HexTile. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63614 http://secunia.com/advisories/36712 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://secunia.com/secunia_research/2009-36 http://www.securityfocus.com/bid/393 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 25%CPEs: 14EXPL: 0

CVE-2009-1565

https://notcve.org/view.php?id=CVE-2009-1565

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors." vmnc.dll en el codec multimedia VMnc anteriores a v6.5.4 Build 246459 en Windows, y el decodificados de video en VMware Workstation v6.5.x anteriores a v6.5.4 build 246459, VMware Player v2.5.x anteriores a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar código de forma arbitraria a traves de un fichero avi con trozos de vídeo codificado HexTile manipulado lo que inicia un desbordamiento de búfer de memoria dinámica, relacionado con los errores de truncado de entero. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/36712 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://secunia.com/secunia_research/2009-37 http://www.osvdb.org/63615 http://www.securityfocus.com/bid/39364 http://www.securitytracker.com/id?1023838 http://www.vmwar • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0

CVE-2010-1138

https://notcve.org/view.php?id=CVE-2010-1138

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. La pila de la red virtual en VMware Workstation v7.0 anteriores a v7.0.1 build 227600, VMware Workstation v6.5.x anteriores a v6.5.4 build 246459 en Windows, VMware Player v3.0 anteriores a v3.0.1 build 227600, VMware Player v2.5.x anteriores a v2.5.4 build 246459 en Windows, VMware ACE v2.6 anteriores a v2.6.1 build 227600 y v2.5.x anteriores a v2.5.4 build 246459, VMware Server v2.x, y VMware Fusion v3.0 anteriores a v3.0.1 build 232708 y v2.x anteriores a v2.0.7 build 246742 permite a atacantes remotos obtener información sensible de la memoria en el sistema operativo anfitrión mediante el examen de los paquetes de red recibidos, relacionado con la interacción entre el sistema operativo invitado y el proceso vmware-vx anfitrión. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63607 http://secunia.com/advisories/39203 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39395 http://www.securitytracker.com/id?1023836 http://www • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0

CVE-2010-1139

https://notcve.org/view.php?id=CVE-2010-1139

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a través de especificadores de formato de cadenas en los metadatos de proceso. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63606 http://secunia.com/advisories/39201 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39407 http://www.securitytracker.com/id?1023835 http://www • CWE-134: Use of Externally-Controlled Format String •