CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0CVE-2015-1043
https://notcve.org/view.php?id=CVE-2015-1043
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. Host Guest File System (HGFS) en VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, y VMware Fusion 6.x anterior a 6.0.5 y 7.x anterior a 7.0.1 permite a usuarios del sistema operativo invitado causar una denegación de servicio del sistema operativo invitado a través de vectores no especificados. • http://secunia.com/advisories/62551 http://www.securityfocus.com/bid/72337 http://www.securitytracker.com/id/1031644 http://www.vmware.com/security/advisories/VMSA-2015-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100934 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4199 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4199
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.osvdb.org/110458 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4200 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4200
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la extracción de ficheros de este archivo. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securityfocus.com/bid/69410 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95494 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3793
https://notcve.org/view.php?id=CVE-2014-3793
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando un sistema operativo invitado de Windows 8.1 está utilizado, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegación de servicio (referencia a puntero nulo de kernel y caída del sistema operativo invitado) a través de vectores no especificados. • http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html http://secunia.com/advisories/58894 http://www.securityfocus.com/archive/1/532236/100/0/threaded http://www.securitytracker.com/id/1030310 http://www.securitytracker.com/id/1030311 http://www.vmware.com/security/advisories/VMSA-2014-0005.html •