Page 5 of 37 results (0.013 seconds)

CVSS: 4.0EPSS: 0%CPEs: 101EXPL: 0

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en el controlador VMware Descheduled Time Accounting en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y anteriores, VMware Server v1.x anteriores a v1.0.9 build 156507 y v2.x anteriores a v2.0.1 build 156745, VMware Fusion v2.x anteriores a v2.0.2 build 147997, VMware ESXi v3.5, y VMware ESX v3.0.2, v3.0.3, y v3.5, cuando el servicio Descheduled Time Accounting no se está ejecutando, permite a usuarios invitados del sistema operativo en Windows provocar una denegación de servicio mediante vectores desconocidos. • http://secunia.com/advisories/35269 http://www.securityfocus.com/archive/1/503912/100/0/threaded http://www.securityfocus.com/bid/35141 http://www.securitytracker.com/id?1022300 http://www.vmware.com/security/advisories/VMSA-2009-0007.html http://www.vupen.com/english/advisories/2009/1452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130 •

CVSS: 4.4EPSS: 0%CPEs: 13EXPL: 3

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. La función nfs_permission en fs/nfs/dir.c en la implementación cliente NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open está activo, no comprueba la ejecución (también conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4. • http://article.gmane.org/gmane.linux.nfs/26592 http://bugzilla.linux-nfs.org/show_bug.cgi?id=131 http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://secunia.com/advisories/35106 http://secunia.com/advisories/35298 http://secunia.com/advisories/35394 http&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 93EXPL: 0

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916. Una vulnerabilidad no especificada en la función de pantalla de máquina virtual de en VMware Workstation v6.5.1 y anteriores; VMware Player v2.5.1 y anteriores; VMware ACE v2.5.1 y anteriores; VMware Server v1.x antes de la v1.0.9 build 156507 y v2.x antes de v2.0.1 build 156745; VMware Fusion antes de la v2.0.4 build 159196; VMware ESXi 3.5 y VMware ESX v3.0.2, v3.0.3 y v3.5 permite ejecutar, a los usuarios invitados, código arbitrario en el sistema operativo anfitrión a través de vectores desconocidos, una vulnerabilidad diferente a la CVE-2008-4916. • http://lists.vmware.com/pipermail/security-announce/2009/000055.html http://osvdb.org/53634 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/archive/1/502615/100/0/threaded http://www.securityfocus.com/bid/34471 http://www.securitytracker.com/id?1022031 http://www.vmware.com/security/advisories/VMSA-2009-0006.html http://www.vupen.com/english/advisories/2009/0944 https://exchange.xforce.ibmcloud.com/vulnerabilities/49834 https://oval.cisecurity.org •

CVSS: 6.2EPSS: 96%CPEs: 22EXPL: 0

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petición de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opción root_squash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://secunia.com/advisories/34422 http://secunia.com/advisories/34432 http://sec • CWE-16: Configuration •

CVSS: 7.1EPSS: 1%CPEs: 358EXPL: 1

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Caché de Destino (alias DST) en alguna situación que involucra transmisión de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegación de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a "rt_cache leak." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 http://openwall.com/lists/oss-security/2009/03/11/2 http://secunia.com/advisories/33758 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 http://www.redhat.com/support/errata/RHSA-2009-0326.html http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34084 http:/&#x • CWE-400: Uncontrolled Resource Consumption •