CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2101
https://notcve.org/view.php?id=CVE-2008-2101
03 Sep 2008 — The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. La utilidad de línea de comandos VMware Consolidated Backup (VCB) de VMware ESX 3.0.1 hasta 3.0.3 y ESX 3.5 coloca una contraseña en la línea de comandos, lo cual permite a usuarios locales obtener información sensible listando el proceso. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
27 Aug 2008 — libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2008-2100
https://notcve.org/view.php?id=CVE-2008-2100
05 Jun 2008 — Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion ... • http://secunia.com/advisories/30556 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
05 Jun 2008 — Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 •
CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 0CVE-2008-2097
https://notcve.org/view.php?id=CVE-2008-2097
05 Jun 2008 — Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." Un desbordamiento de búfer en el servicio de administración openwsman en VMware ESXi versión 3.5 y ESX versión 3.5, permite a los usuarios autenticados remotos alcanzar privilegios por medio de una "invalid Content-Length." • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2007-5671
https://notcve.org/view.php?id=CVE-2007-5671
05 Jun 2008 — HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. HGFS.sys en el VMware Tools package en VMware Workstation 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 3EXPL: 0CVE-2007-5360
https://notcve.org/view.php?id=CVE-2007-5360
08 Jan 2008 — Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003. El desbordamiento de búfer en OpenPegasus Management Server, cuando es compilado para usar PAM y con PEGASUS_USE_PAM_STANDALONE_PROC definido, tal como se usa en VMWare ESX Server versión 3.0.1 y v... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 14%CPEs: 16EXPL: 0CVE-2007-0061
https://notcve.org/view.php?id=CVE-2007-0061
21 Sep 2007 — The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." El servidor DHCP en EMC VMware Workstation anterior a 5.5.5 construcción 56455 y 6.x anterior a 6.0.1 construcción 55017, Player... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 16EXPL: 0CVE-2007-0063
https://notcve.org/view.php?id=CVE-2007-0063
21 Sep 2007 — Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. Desbordamiento inferior de entero en el servidor DHCP de EMC VMware Workstation anterior a 5.5.... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1270
https://notcve.org/view.php?id=CVE-2007-1270
06 Apr 2007 — Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. Vulnerabilidad de doble liberación en el VMware ESX Server 3.0.0 y 3.0.1 permite a los atacantes provocar una denegación de servicio (caída), obtener información sensible o, posiblemente, ejecutar código de su elección a través de vectores sin especificar. • http://osvdb.org/35268 • CWE-189: Numeric Errors •