CVE-2008-3695
https://notcve.org/view.php?id=CVE-2008-3695
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696. Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, y CVE-2008-3696. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://secunia.com/advisories/31707 http://secunia.com/advisories/31708 http://secunia.com/advisories/31709 http://secunia.com/advisories/31710 http://securityreason.com/securityalert/4202 http://www.securityfocus.com/archive/1/495869/100/0/threaded http://www.securityfocus.com/bid/30934 http://www.securitytracker.com/id?1020791 http://www.vmware.com/security/advisories/VMSA-2008-0014.html http://www.v •
CVE-2008-2100
https://notcve.org/view.php?id=CVE-2008-2100
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema huésped, ejecutar código arbitrario en el sistema anfitrión a través de vectores no específicos. • http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020200 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/29552 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 https://oval.cisecurity.org/repository/search/de • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x anterior a 5.5.7 build 91707 y versión 6.x anterior a 6.0.4 build 93057, VMware Player versión 1.x anterior a 1.0.7 build 91707 y versión 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versión 3.5 y VMware ESX versión 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opción de path library en un archivo de configuración. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020198 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/29557 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud. •
CVE-2007-5671
https://notcve.org/view.php?id=CVE-2007-5671
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia \\.\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elección en el núcleo de la memoria del sistema huesped y así obtener privilegios. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020197 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/archive/1/493148/100/0/threaded http://www.securityfocus.com/archive/1/493172/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2008-0009.html • CWE-20: Improper Input Validation •
CVE-2008-2099
https://notcve.org/view.php?id=CVE-2008-2099
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. Vulnerabilidad no especificada en VMCI en VMware Workstation versiones 6 anteriores a 6.0.4 build 93057, VMware Player versiones 2 anteriores a 2.0.4 build 93057 y VMware ACE versiones 2 anteriores a 2.0.2 build 93057 en Windows, permite a los usuarios del SO invitado ejecutar código arbitrario en el SO host por medio de vectores no especificados • http://secunia.com/advisories/30476 http://www.securityfocus.com/archive/1/492831/100/0/threaded http://www.securityfocus.com/bid/29443 http://www.securitytracker.com/id?1020149 http://www.vmware.com/security/advisories/VMSA-2008-0008.html http://www.vupen.com/english/advisories/2008/1707 https://exchange.xforce.ibmcloud.com/vulnerabilities/42757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •