CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores. • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html http://lists.vmware.com/pipermail/security-announce/2009/000073.html http://secunia.com/advisories/38749 http://secunia.com/advisories/38842 http://securitytracker.com/id?1023683 http://www.osvdb.org/62738 http://www.osvdb.org/62739 http://www.osvdb.org/62740 http://www.osvdb.org/62741 http://www.osvdb.org/62742 http://www.securityfocus.com/archive/1/509883/100/0/threaded http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3080 – kernel: gdth: Prevent negative offsets in ioctl
https://notcve.org/view.php?id=CVE-2009-3080
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. Error de indice de matriz en la función gdth_read_event en drivers/scsi/gdth.c en el kernel de Linux antes de v2.6.32-RC8 permite a usuarios locales provocar una denegación de servicio o posiblemente obtener privilegios a través de un índice de evento negativo en una solicitud IOCTL. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •
CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •
CVE-2009-3733 – VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3733
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware Server v1.x anteriores a v1.0.10 build 203137 y v2.x anteriores a v2.0.2 build 203138 en Linux, VMware ESXi v3.5 y VMware ESX v3.0.3 y v3.5 permite a atacantes remotos leer ficheros de su elección a través de vectores de ataque sin especificar. • https://www.exploit-db.com/exploits/33310 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37186 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023088 http://securitytracker.com/id?1023089 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/bid/36842 http://www.vmware.com/security/advisories/VMSA-2009-0015.html http://www.vupen.com/english/advisories/2009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-2267 – VMware Virtual 8086 - Linux Local Ring0
https://notcve.org/view.php?id=CVE-2009-2267
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el código de excepción para una excepción de fallo de página (también conocido como #PF), lo que permite a usuarios del SO anfitrión obtener privilegios en el SO anfitrión especificando un valor modificado para el registro cs. • https://www.exploit-db.com/exploits/10207 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37172 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023082 http://securitytracker.com/id?1023083 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/archive/1/507539/100/0/threaded http://www.securityfocus.com/bid/36841 http://www.vmware.com/security/advisories/VM •