CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8370
https://notcve.org/view.php?id=CVE-2014-8370
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file. VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitrión ganar privilegios del sistema operativo anfitrión o causar una denegación de servicio (escritura arbitraria a un fichero) mediante la modificación de un fichero de configuración. • http://jvn.jp/en/jp/JVN88252465/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007 http://secunia.com/advisories/62551 http://secunia.com/advisories/62605 http://secunia.com/advisories/62669 http://www.securityfocus.com/bid/72338 http://www.securitytracker.com/id/1031642 http://www.securitytracker.com/id/1031643 http://www.vmware.com/security/advisories/VMSA-2015-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4200 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4200
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la extracción de ficheros de este archivo. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securityfocus.com/bid/69410 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95494 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2014-4199 – vm-support 0.88 File Overwrite / Information Disclosure
https://notcve.org/view.php?id=CVE-2014-4199
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.osvdb.org/110458 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3793
https://notcve.org/view.php?id=CVE-2014-3793
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando un sistema operativo invitado de Windows 8.1 está utilizado, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegación de servicio (referencia a puntero nulo de kernel y caída del sistema operativo invitado) a través de vectores no especificados. • http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html http://secunia.com/advisories/58894 http://www.securityfocus.com/archive/1/532236/100/0/threaded http://www.securitytracker.com/id/1030310 http://www.securitytracker.com/id/1030311 http://www.vmware.com/security/advisories/VMSA-2014-0005.html •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2384
https://notcve.org/view.php?id=CVE-2014-2384
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." vmx86.sys en VMware Workstation 10.0.1 build 1379776 y VMware Player 6.0.1 build 1379776 en Windows podría permitir a usuarios locales causar una denegación de servicio (violación de lectura de acceso y caída de sistema) a través de un buffer manipulado en una llamada IOCTL. NOTA: el investigador informa que "el proveedor clasifico el problema como no explotable." • http://seclists.org/fulldisclosure/2014/Apr/163 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384 • CWE-399: Resource Management Errors •