CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2011-1789
https://notcve.org/view.php?id=CVE-2011-1789
09 May 2011 — The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. El instalador auto-extraible del cliente vSphere en VMware vCenter 4.0 anteriores a la Actualización 3 y v4.1 anteriores a la Actualización 1, VMware ESXi ... • http://lists.vmware.com/pipermail/security-announce/2011/000137.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 0CVE-2011-1785
https://notcve.org/view.php?id=CVE-2011-1785
03 May 2011 — VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic. VMware ESXi v4.0 y v4.1 y ESX v4.0 y v4.1 permite a atacantes remotos provocar una denegación de servicio (agotamiento del socket) a través de tráfico de red no especificado. • http://kb.vmware.com/kb/1035108 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2011-1786
https://notcve.org/view.php?id=CVE-2011-1786
03 May 2011 — lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence. lsassd en Likewise Open /Enterprise versión 5.3 anterior a build 7845, Open versión 6.0 anterior a build 8325, e Enterprise versión 6.0 anterior ... • http://kb.vmware.com/kb/1035108 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 37%CPEs: 5EXPL: 1CVE-2010-3609 – OpenSLP 1.2.1 / < 1647 trunk - Denial of Service
https://notcve.org/view.php?id=CVE-2010-3609
11 Mar 2011 — The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. El analizador de extensiones en el archivo slp_v2message.c en OpenSLP ... • https://www.exploit-db.com/exploits/17610 •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2011-0355
https://notcve.org/view.php?id=CVE-2011-0355
17 Feb 2011 — Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. Cisco Nexus 1000V Virtual Ethernet Module (VEM) v4.0 (4) SV1 (1) hasta SV1 (3b), tal como se utiliza en VMware ESX v4.0 y v4.1 ESXi v4.0 y v4.1, no maneja ... • http://lists.vmware.com/pipermail/security-announce/2011/000118.html • CWE-399: Resource Management Errors •
CVSS: 7.9EPSS: 5%CPEs: 24EXPL: 4CVE-2010-4263 – kernel: igb panics when receiving tag vlan packet
https://notcve.org/view.php?id=CVE-2010-4263
18 Jan 2011 — The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. La función igb_receive_skb de drivers/net/igb/igb_main.c en el subsistema Intel Gigabit Ethernet (igb) ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=31b24b955c3ebbb6f3008a6374e61cf7c05a193c • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 2%CPEs: 8EXPL: 0CVE-2010-4526 – kernel: sctp: a race between ICMP protocol unreachable and connect()
https://notcve.org/view.php?id=CVE-2010-4526
11 Jan 2011 — Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. Condición de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegación de servicio (kernel... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-4343 – kernel: bfa driver sysfs crash
https://notcve.org/view.php?id=CVE-2010-4343
29 Dec 2010 — drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. drivers/scsi/AMB/bfa_core.c en el kernel de Linux anterior a v2.6.35 no inicializa una estructura de datos en un determinado puerto, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de las operaciones de lectura en un fichero de es... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7873ca4e4401f0ecd8868bf1543113467e6bae61 • CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 1%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
06 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://www.exploit-db.com/exploits/15717 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 3%CPEs: 26EXPL: 2CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
30 Sep 2010 — The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo q... • https://www.exploit-db.com/exploits/15155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •