CVSS: 6.3EPSS: 0%CPEs: 19EXPL: 0CVE-2011-2145
https://notcve.org/view.php?id=CVE-2011-2145
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, cuando es utilizado un Sistema Operativo invitado de Solaris o FreeBSD, permite a los usuarios del sistema operativo invitado modificar archivos del sistema operativo invitado arbitrarios por medio de vectores no especificados, relacionados con un "procedural error". • http://secunia.com/advisories/44840 http://secunia.com/advisories/44904 http://www.securityfocus.com/bid/48098 http://www.securitytracker.com/id?1025601 http://www.vmware.com/security/advisories/VMSA-2011-0009.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67815 https://hermes.opensuse.org/messages/8711677 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2011-2146
https://notcve.org/view.php?id=CVE-2011-2146
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. mount.vmhgfs en Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, permite a los usuarios del Sistema Operativo invitado determinar la existencia de archivos y directorios del sistema operativo host por medio de vectores no especificados. • http://secunia.com/advisories/44840 http://secunia.com/advisories/44904 http://www.securityfocus.com/bid/48098 http://www.securitytracker.com/id?1025601 http://www.vmware.com/security/advisories/VMSA-2011-0009.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67813 https://hermes.opensuse.org/messages/8711677 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2011-1126
https://notcve.org/view.php?id=CVE-2011-1126
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. VMware vmrun,como se utiliza en VIX API v1.x antes de v1.10.3 y VMware Workstation v6.5.x antes de v7.1.4 y v7.x compilación 385536 en Linux podría permitir a usuarios locales conseguir privilegios a través de un caballo de Troya en una librería compartida en un directorio especificado. • http://lists.vmware.com/pipermail/security-announce/2011/000131.html http://secunia.com/advisories/43885 http://secunia.com/advisories/43943 http://securityreason.com/securityalert/8173 http://securitytracker.com/id?1025270 http://www.securityfocus.com/archive/1/517240/100/0/threaded http://www.securityfocus.com/bid/47094 http://www.vmware.com/security/advisories/VMSA-2011-0006.html http://www.vupen.com/english/advisories/2011/0816 https://exchange.xforce.ibmcloud.com/vulnerabilities/664 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 11%CPEs: 34EXPL: 0CVE-2010-4294
https://notcve.org/view.php?id=CVE-2010-4294
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. La funcionalidad de descompresión de tramas ("frames") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tamaño sin especificar, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la memoria dinámica) a través de un archivo de vídeo modificado. • http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69596 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45169 http://www.securitytracker.com/id?1024819 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/english/advisories/2010/3116 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4295
https://notcve.org/view.php?id=CVE-2010-4295
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. Condición de carrera en el proceso de montaje de vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux, y VMware Fusion 3.1.x anteriores a la 3.1.2 build 332101 permite a usuarios del SO anfitrión escalar privilegios a través de vectores que involucran archivos temporales. • http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69585 http://secunia.com/advisories/42453 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45167 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/english/advisories/2010/3116 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •