CVE-2009-1119
https://notcve.org/view.php?id=CVE-2009-1119
Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.
• References:
  http://secunia.com/advisories/34699
  http://www.fortiguardcenter.com/advisory/FGA-2009-13.html
  http://www.securityfocus.com/archive/1/502575/100/0/threaded
  http://www.securityfocus.com/bid/34449
  http://www.securitytracker.com/id?1022026
  http://www.vupen.com/english/advisories/2009/1018
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4916
https://notcve.org/view.php?id=CVE-2008-4916
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.
• References:
  http://lists.vmware.com/pipermail/security-announce/2009/000054.html
  http://seclists.org/fulldisclosure/2009/Apr/0036.html
  http://security.gentoo.org/glsa/glsa-201209-25.xml
  http://www.securityfocus.com/bid/34373
  http://www.securitytracker.com/id?1021973
  http://www.vmware.com/security/advisories/VMSA-2009-0005.html
  http://www.vupen.com/english/advisories/2009/0944
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439
CVE-2008-6219
https://notcve.org/view.php?id=CVE-2008-6219
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
• References:
  http://secunia.com/advisories/32383
  http://www.fortiguardcenter.com/advisory/FGA-2008-23.html
  http://www.securityfocus.com/archive/1/497645/100/0/threaded
  http://www.securityfocus.com/archive/1/497666/100/0/threaded
  http://www.securityfocus.com/bid/31866
  http://www.securitytracker.com/id?1021095
  http://www.vupen.com/english/advisories/2008/2894
  https://exchange.xforce.ibmcloud.com/vulnerabilities/46035
• CWE-399: Resource Management Errors
CVE-2009-0311 – EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0311
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Backbone service (ftbackbone.exe) which listens by default on TCP port 8042. The process trusts a DWORD value from incoming packets which it arbitrarily calls.
• References:
  http://osvdb.org/51566
  http://secunia.com/advisories/33667
  http://www.securityfocus.com/archive/1/500350/100/0/threaded
  http://www.securityfocus.com/bid/33415
  http://www.securitytracker.com/id?1021636
  http://zerodayinitiative.com/advisories/ZDI-09-009
  https://exchange.xforce.ibmcloud.com/vulnerabilities/48197
• CWE-20: Improper Input Validation
CVE-2008-5420 – EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability
https://notcve.org/view.php?id=CVE-2008-5420
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.
This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.
• References:
  http://osvdb.org/50032
  http://secunia.com/advisories/32801
  http://securityreason.com/securityalert/4709
  http://www.securityfocus.com/archive/1/498556/100/0/threaded
  http://www.securityfocus.com/bid/32392
  http://www.securitytracker.com/id?1021263
  http://www.vupen.com/english/advisories/2008/3220
  http://www.zerodayinitiative.com/advisories/ZDI-08-076
  https://exchange.xforce.ibmcloud.com/vulnerabilities/46753
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor