CVSS: 7.5EPSS: 16%CPEs: 24EXPL: 2CVE-2009-3707 – VMware Player / VMware Workstation 6.5.3 - 'VMware-authd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-3707
16 Oct 2009 — VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string D... • https://www.exploit-db.com/exploits/33271 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2009-1805
https://notcve.org/view.php?id=CVE-2009-1805
01 Jun 2009 — Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors. Vulnerabil... • http://secunia.com/advisories/35269 •
CVSS: 8.8EPSS: 0%CPEs: 93EXPL: 1CVE-2009-1244
https://notcve.org/view.php?id=CVE-2009-1244
13 Apr 2009 — Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916. Una vulnerabilidad no especificada en ... • https://github.com/piotrbania/vmware_exploit_pack_CVE-2009-1244 •
CVSS: 7.1EPSS: 0%CPEs: 77EXPL: 0CVE-2009-1146
https://notcve.org/view.php?id=CVE-2009-1146
06 Apr 2009 — Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761. Vulnerabilidad no especificada en un ioctl de hcmon.sys de VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y an... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html •
CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 0CVE-2009-1147
https://notcve.org/view.php?id=CVE-2009-1147
06 Apr 2009 — Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el archivo vmci.sys en la Virtual Machine Communication Interface (VMCI) en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE 2.5.1 y ant... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html •
CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2008-4916
https://notcve.org/view.php?id=CVE-2008-4916
06 Apr 2009 — Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (ho... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html •
CVSS: 6.3EPSS: 0%CPEs: 22EXPL: 0CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
25 Mar 2009 — nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petición de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 • CWE-16: Configuration •
CVSS: 7.5EPSS: 2%CPEs: 358EXPL: 1CVE-2009-0778 – kernel: rt_cache leak leads to lack of network connectivity
https://notcve.org/view.php?id=CVE-2009-0778
12 Mar 2009 — The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." La función icmp_send ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 9%CPEs: 41EXPL: 2CVE-2009-0177 – VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0177
20 Jan 2009 — vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. En la biblioteca vmwarebase.dll, tal y como es usado en el servicio vmware-authd (también se... • https://www.exploit-db.com/exploits/7647 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
05 Jun 2008 — Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 •