CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2336
https://notcve.org/view.php?id=CVE-2015-2336
TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897. TPView.dll en VMware Workstation 10.x anterior a 10.0.6 y 11.x anterior a 11.1.1, VMware Player 6.x anterior a 6.0.6 y 7.x anterior a 7.1.1, y VMware Horizon Client 3.2.x anterior a 3.2.1, 3.3.x, y 5.x local-mode anterior a 5.4.2 en Windows no reserva correctamente memoria, lo que permite a usuarios del sistema operativo invitado ejecutar código arbitrario sobre el sistema operativo anfitrión a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0897. • http://www.securityfocus.com/bid/75095 http://www.securitytracker.com/id/1032529 http://www.securitytracker.com/id/1032530 http://www.vmware.com/security/advisories/VMSA-2015-0004.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2194 – Fusion <= 3.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-2194
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. Vulnerabilidad de la subida de ficheros sin restricciones en la función fusion_options en functions.php en el tema Fusion 3.1 para Wordpress permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fichero con una extensión ejecutable en una acción fusion_save, y posteriormente accediendo a ello a través de vectores no especificados. • http://packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html http://www.securityfocus.com/bid/75341 https://wpvulndb.com/vulnerabilities/7795 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0CVE-2015-1043
https://notcve.org/view.php?id=CVE-2015-1043
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. Host Guest File System (HGFS) en VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, y VMware Fusion 6.x anterior a 6.0.5 y 7.x anterior a 7.0.1 permite a usuarios del sistema operativo invitado causar una denegación de servicio del sistema operativo invitado a través de vectores no especificados. • http://secunia.com/advisories/62551 http://www.securityfocus.com/bid/72337 http://www.securitytracker.com/id/1031644 http://www.vmware.com/security/advisories/VMSA-2015-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100934 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8370
https://notcve.org/view.php?id=CVE-2014-8370
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file. VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitrión ganar privilegios del sistema operativo anfitrión o causar una denegación de servicio (escritura arbitraria a un fichero) mediante la modificación de un fichero de configuración. • http://jvn.jp/en/jp/JVN88252465/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007 http://secunia.com/advisories/62551 http://secunia.com/advisories/62605 http://secunia.com/advisories/62669 http://www.securityfocus.com/bid/72338 http://www.securitytracker.com/id/1031642 http://www.securitytracker.com/id/1031643 http://www.vmware.com/security/advisories/VMSA-2015-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3793
https://notcve.org/view.php?id=CVE-2014-3793
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando un sistema operativo invitado de Windows 8.1 está utilizado, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegación de servicio (referencia a puntero nulo de kernel y caída del sistema operativo invitado) a través de vectores no especificados. • http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html http://secunia.com/advisories/58894 http://www.securityfocus.com/archive/1/532236/100/0/threaded http://www.securitytracker.com/id/1030310 http://www.securitytracker.com/id/1030311 http://www.vmware.com/security/advisories/VMSA-2014-0005.html •