CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
08 Sep 2012 — Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View an... • https://www.exploit-db.com/exploits/37780 •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4295
https://notcve.org/view.php?id=CVE-2010-4295
06 Dec 2010 — Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. Condición de carrera en el proceso de montaje de vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 2%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
06 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://www.exploit-db.com/exploits/15717 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4296
https://notcve.org/view.php?id=CVE-2010-4296
06 Dec 2010 — vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux,... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 0CVE-2010-4294
https://notcve.org/view.php?id=CVE-2010-4294
06 Dec 2010 — The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (hea... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 3CVE-2009-4811
https://notcve.org/view.php?id=CVE-2009-4811
27 Apr 2010 — VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1139
https://notcve.org/view.php?id=CVE-2010-1139
12 Apr 2010 — Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y V... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.3EPSS: 17%CPEs: 14EXPL: 0CVE-2009-1564
https://notcve.org/view.php?id=CVE-2009-1564
12 Apr 2010 — Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. Desbordamiento de búfer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 35EXPL: 0CVE-2010-1142
https://notcve.org/view.php?id=CVE-2010-1142
12 Apr 2010 — VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. VMware Tools ... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.9EPSS: 5%CPEs: 35EXPL: 0CVE-2010-1141
https://notcve.org/view.php?id=CVE-2010-1141
12 Apr 2010 — VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network sh... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-264: Permissions, Privileges, and Access Controls •