CVE-2008-4916
https://notcve.org/view.php?id=CVE-2008-4916
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. Vulnerabilidad no especificada en un controlado de dispositivo virtual invitado en VMware Workstation versiones anteriores a v5.5.9 build 126128, y v6.5.1 y versiones anteriores 6.x ; VMware Player versiones anteriores a v1.0.9 build 126128, y v2.5.1 y versiones anteriores 2.x; VMware ACE versiones anteriores a v1.0.8 build 125922, y v2.5.1 y versiones anteriores 2.x; VMware Server 1.x versiones anteriores a v1.0.8 build 126538 y 2.0.x versiones anteriores a v2.0.1 build 156745; VMware Fusion versiones anteriore a v2.0.1; VMware ESXi v3.5; y VMware ESX 3.0.2, v3.0.3, y v3.5 permite a usuarios del sistema operativo visitantes provocar una denegación de servicio (caída del sistema operativo host) a través de vectores desconocidos. • http://lists.vmware.com/pipermail/security-announce/2009/000054.html http://seclists.org/fulldisclosure/2009/Apr/0036.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/34373 http://www.securitytracker.com/id?1021973 http://www.vmware.com/security/advisories/VMSA-2009-0005.html http://www.vupen.com/english/advisories/2009/0944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439 •
CVE-2009-0177 – VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0177
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. En la biblioteca vmwarebase.dll, tal y como es usado en el servicio vmware-authd (también se conoce como vmware-authd.exe), en VMware Workstation versión 6.5.1 build 126130, versión 6.5.1 y anteriores; VMware Player versión 2.5.1 build 126130, versión 2.5.1 y anteriores; VMware ACE versión 2.5.1 y anteriores; VMware Server versiones 2.0.x anteriores a 2.0.1 build 156745; y VMware Fusion anterior a versión 2.0.2 build 147997, permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) por medio de un comando largo (1) USUARIO o (2) PASS. • https://www.exploit-db.com/exploits/7647 http://lists.vmware.com/pipermail/security-announce/2009/000054.html http://osvdb.org/51180 http://seclists.org/fulldisclosure/2009/Apr/0036.html http://secunia.com/advisories/33372 http://secunia.com/advisories/34601 http://www.securityfocus.com/bid/34373 http://www.securitytracker.com/id?1021512 http://www.vmware.com/security/advisories/VMSA-2009-0005.html http://www.vupen.com/english/advisories/2009/0024 http://www.vupen.com/ • CWE-399: Resource Management Errors •
CVE-2008-3697
https://notcve.org/view.php?id=CVE-2008-3697
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request. Una extensión ISAPI sin especificar en VMware Server versiones anteriores a 1.0.7 build 108231 permite a atacantes remotos provocar una denegación de servicio (caída IIS) a través de peticiones mal formadas. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://secunia.com/advisories/31708 http://securityreason.com/securityalert/4202 http://www.securityfocus.com/archive/1/495869/100/0/threaded http://www.securityfocus.com/bid/30935 http://www.securitytracker.com/id?1020789 http://www.vmware.com/security/advisories/VMSA-2008-0014.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vupen.com/english/advisories/2008/2466 https:/ • CWE-20: Improper Input Validation •
CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x anterior a 5.5.7 build 91707 y versión 6.x anterior a 6.0.4 build 93057, VMware Player versión 1.x anterior a 1.0.7 build 91707 y versión 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versión 3.5 y VMware ESX versión 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opción de path library en un archivo de configuración. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020198 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/29557 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud. •
CVE-2007-5671
https://notcve.org/view.php?id=CVE-2007-5671
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia \\.\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elección en el núcleo de la memoria del sistema huesped y así obtener privilegios. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020197 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/archive/1/493148/100/0/threaded http://www.securityfocus.com/archive/1/493172/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2008-0009.html • CWE-20: Improper Input Validation •