CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1515
https://notcve.org/view.php?id=CVE-2012-1515
02 Apr 2012 — VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. VMware ESXi v3.5, v4.0, y v4.1 y ESX v3.5, v4.0, y v4.1 no implementan de forma adecuada las operaciones I/O basadas en el puerto, lo que permite a usuarios del sistema obtener acceso al sistema operativo huésped sobre-escribiendo posiciones de m... • http://www.securityfocus.com/bid/52820 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1508
https://notcve.org/view.php?id=CVE-2012-1508
16 Mar 2012 — The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. El driver XPDM en VMware ESXi v4.0, v4.1, y v5.0; VMware ESX v4.0 y v4.1; y VMware View anterior a v4.6.1 permite a usuarios invitado del SO ganas privilegios de invitado o causar una denagación de servicio (NULL pointer dereference) mediante vectores no especificados • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1510
https://notcve.org/view.php?id=CVE-2012-1510
16 Mar 2012 — Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. Desbordamiento de búfer en el driver WDDM en VMware ESXi v4.0, v4.1, y v5.0; VMware ESX v4.0 y v4.1; y VMware View anterior a v4.6.1, permite a usuarios invitados del OS obtener privilegios de invitado mediante vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4655 – kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
https://notcve.org/view.php?id=CVE-2010-4655
18 Jul 2011 — net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. net/core/ethtool.c en el kernel de Linux anterior a 2.6.36 no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria dinámica del kernel elevando la capacidad CAP_NET_ADMIN ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1787
https://notcve.org/view.php?id=CVE-2011-1787
06 Jun 2011 — Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory. Una Condición de carrera en mount.vmhgfs en VMware Host Guest File System (HGFS) en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Pla... • http://secunia.com/advisories/44840 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2011-2145
https://notcve.org/view.php?id=CVE-2011-2145
06 Jun 2011 — mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware... • http://secunia.com/advisories/44840 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-2146
https://notcve.org/view.php?id=CVE-2011-2146
06 Jun 2011 — mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. mount.vmhgfs en Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusio... • http://secunia.com/advisories/44840 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2010-4251 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4251
26 May 2011 — The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. La implementación del socket en net/core/sock.c en el kernel de Linux anterior a v2.6.34 no maneja correctamente un retraso de los paquetes recibidos, que permite a atacantes remotos provocar una denegación de ser... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2011-1789
https://notcve.org/view.php?id=CVE-2011-1789
09 May 2011 — The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. El instalador auto-extraible del cliente vSphere en VMware vCenter 4.0 anteriores a la Actualización 3 y v4.1 anteriores a la Actualización 1, VMware ESXi ... • http://lists.vmware.com/pipermail/security-announce/2011/000137.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 0CVE-2011-1785
https://notcve.org/view.php?id=CVE-2011-1785
03 May 2011 — VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic. VMware ESXi v4.0 y v4.1 y ESX v4.0 y v4.1 permite a atacantes remotos provocar una denegación de servicio (agotamiento del socket) a través de tráfico de red no especificado. • http://kb.vmware.com/kb/1035108 • CWE-399: Resource Management Errors •