CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4281
https://notcve.org/view.php?id=CVE-2008-4281
10 Nov 2008 — Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. Vulnerabilidad de salto de directorio en VMWare ESXi 3.5 anterior a ESXe350-200810401-O-UG y ESX 3.5 anterior a ESX350-200810201-UG; permite a los administradores con el privilegio Datastore.FileManagement, ganar privilegios a través de vectores desconocidos. • http://lists.vmware.com/pipermail/security-announce/2008/000042.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 9EXPL: 0CVE-2008-4915
https://notcve.org/view.php?id=CVE-2008-4915
10 Nov 2008 — The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS. Una vulnerabilidad sin especificar en la emulación de hardware de CPU... • http://lists.vmware.com/pipermail/security-announce/2008/000042.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4279
https://notcve.org/view.php?id=CVE-2008-4279
06 Oct 2008 — The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. La emulación de hardware de CPU para sistemas oper... • http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2101
https://notcve.org/view.php?id=CVE-2008-2101
03 Sep 2008 — The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. La utilidad de línea de comandos VMware Consolidated Backup (VCB) de VMware ESX 3.0.1 hasta 3.0.3 y ESX 3.5 coloca una contraseña en la línea de comandos, lo cual permite a usuarios locales obtener información sensible listando el proceso. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
27 Aug 2008 — libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
05 Jun 2008 — Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2007-5671
https://notcve.org/view.php?id=CVE-2007-5671
05 Jun 2008 — HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. HGFS.sys en el VMware Tools package en VMware Workstation 5.x ante... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2097
https://notcve.org/view.php?id=CVE-2008-2097
05 Jun 2008 — Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." Un desbordamiento de búfer en el servicio de administración openwsman en VMware ESXi versión 3.5 y ESX versión 3.5, permite a los usuarios autenticados remotos alcanzar privilegios por medio de una "invalid Content-Length." • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2008-2100
https://notcve.org/view.php?id=CVE-2008-2100
05 Jun 2008 — Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion ... • http://secunia.com/advisories/30556 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 21%CPEs: 3EXPL: 0CVE-2007-5360
https://notcve.org/view.php?id=CVE-2007-5360
08 Jan 2008 — Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003. El desbordamiento de búfer en OpenPegasus Management Server, cuando es compilado para usar PAM y con PEGASUS_USE_PAM_STANDALONE_PROC definido, tal como se usa en VMWare ESX Server versión 3.0.1 y v... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •