CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-1207 – VMware Security Advisory 2014-0001
https://notcve.org/view.php?id=CVE-2014-1207
17 Jan 2014 — VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. VMWare ESXi 4.0 hasta 5.1 y ESX 4.0 y 4.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) interceptando y modificando tráfico Network File Copy (NFC). VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues. • http://osvdb.org/102196 •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-1208 – VMware Security Advisory 2014-0001
https://notcve.org/view.php?id=CVE-2014-1208
17 Jan 2014 — VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. VMware Workstation 9.x anteriores a 9.0.1, WMware Player 5.x anteriores a 5.0.1, VMware Fusion 5.x anteriores a 5.0.1, VMware ESXi 4.0 hasta 5.1, y WMware ESX 4.0 y 4.1 permite a usuarios invitado del sistema causar una denegación de servicio (ruptura de... • http://osvdb.org/102197 •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-5973 – VMware Security Advisory 2013-0016
https://notcve.org/view.php?id=CVE-2013-5973
23 Dec 2013 — VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. VMware ESXi 4.0 a 5.5 y ESX 4.0 y 4.1 permiten a usuarios locales leer o modificar ficheros arbitrarios mediante el aprovechamiento de los roles Virtual Machine Power User o Resource Pool Administrator para una acción Add Existing Dis... • http://jvn.jp/en/jp/JVN13154935/index.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3519 – VMware Security Advisory 2013-0014
https://notcve.org/view.php?id=CVE-2013-3519
04 Dec 2013 — lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. Igtosync.sys en VMware Workstation 9.x anteriores a 9.0.3 y VMware Player 5.x anteriores a 5.0.3, VMware Fusion 5.x anteriores a 5.0.4, VMware ESXi 4.0 hasta 5.1, y VMware ESX 4.0 y 4.1,... • http://www.vmware.com/security/advisories/VMSA-2013-0014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5970 – VMware Security Advisory 2013-0012
https://notcve.org/view.php?id=CVE-2013-5970
18 Oct 2013 — hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. hostd-vmdb en VMware ESXi 4.0 hasta la versión 5.0 y ESX 4.0 hasta la versión 4.1 permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio hostd-vmdb) mediante la modificación de la gestión de tráfico. VMware has updated vCenter Server, vCenter Server Appliance (vCSA), vSphere Update Manager (VUM)... • http://osvdb.org/98719 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2013-3657
https://notcve.org/view.php?id=CVE-2013-3657
10 Sep 2013 — Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Desbordamiento de búfer en VMware ESXi 4.0 hasta 5.0, y ESX 4.0 y 4.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de vectores no especificados. • http://jvn.jp/en/jp/JVN19847770/995428/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2013-3658
https://notcve.org/view.php?id=CVE-2013-3658
10 Sep 2013 — Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware ESXi 4.0 hasta 5.0, y ESX 4.0 y 4.1permiten a un atacante remoto borrar archivos a discrección en el sistema operativo anfitrión a través de vectores no especificados. • http://jvn.jp/en/jp/JVN72911629/995428/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2013-1661 – VMware Security Advisory 2013-0011
https://notcve.org/view.php?id=CVE-2013-1661
30 Aug 2013 — VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. VMware ESXi v4.0 hasta v5.1, y ESX v4.0 y v4.1 no aplicar correctamente el protocolo Network File Copy (NFC), lo que permite a atacantes man-in-the-middle causar una denegación de servicio (excepción sin manejar y caída de aplicación) med... • http://www.vmware.com/security/advisories/VMSA-2013-0011.html • CWE-20: Improper Input Validation •