Vulnerabilites related to vmware - server
CVE-2008-3697 (GCVE-0-2008-3697)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "1020789",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "30935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30935"
},
{
"name": "vmware-isapi-extension-dos(44796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "1020789",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "30935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30935"
},
{
"name": "vmware-isapi-extension-dos(44796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "1020789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020789"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "30935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30935"
},
{
"name": "vmware-isapi-extension-dos(44796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3697",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3892 (GCVE-0-2008-3892)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29503"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3892",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-09-03T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0778 (GCVE-0-2009-0778)
Vulnerability from cvelistv5
Published
2009-03-12 15:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33758"
},
{
"name": "oval:org.mitre.oval:def:10215",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:7867",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"name": "1021958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"name": "linux-kernel-rtcache-dos(49199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "34084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2009:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33758"
},
{
"name": "oval:org.mitre.oval:def:10215",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:7867",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"name": "1021958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"name": "linux-kernel-rtcache-dos(49199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "34084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34084"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0778",
"datePublished": "2009-03-12T15:00:00",
"dateReserved": "2009-03-03T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5618 (GCVE-0-2007-5618)
Vulnerability from cvelistv5
Published
2007-10-21 21:00
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5618",
"datePublished": "2007-10-21T21:00:00",
"dateReserved": "2007-10-21T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1565 (GCVE-0-2009-1565)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 05:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-37/"
},
{
"name": "1023838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39364"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-37/"
},
{
"name": "1023838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39364"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-1565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63615",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63615"
},
{
"name": "http://secunia.com/secunia_research/2009-37/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-37/"
},
{
"name": "1023838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39364"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-1565",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2009-05-06T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4295 (GCVE-0-2010-4295)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45167"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69585",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45167"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69585",
"refsource": "OSVDB",
"url": "http://osvdb.org/69585"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45167"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4295",
"datePublished": "2010-12-06T21:00:00",
"dateReserved": "2010-11-18T00:00:00",
"dateUpdated": "2024-08-07T03:43:13.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2662 (GCVE-0-2006-2662)
Vulnerability from cvelistv5
Published
2006-06-02 10:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:52.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060602 VMSA-2006-0002 - VMware Server sensitive information lifetime issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435709/100/0/threaded"
},
{
"name": "ADV-2006-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2104"
},
{
"name": "vmware-server-information-disclosure(26879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124"
},
{
"name": "18236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18236"
},
{
"name": "1016200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060602 VMSA-2006-0002 - VMware Server sensitive information lifetime issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435709/100/0/threaded"
},
{
"name": "ADV-2006-2104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2104"
},
{
"name": "vmware-server-information-disclosure(26879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124"
},
{
"name": "18236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18236"
},
{
"name": "1016200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060602 VMSA-2006-0002 - VMware Server sensitive information lifetime issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435709/100/0/threaded"
},
{
"name": "ADV-2006-2104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2104"
},
{
"name": "vmware-server-information-disclosure(26879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26879"
},
{
"name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124"
},
{
"name": "18236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18236"
},
{
"name": "1016200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2662",
"datePublished": "2006-06-02T10:00:00",
"dateReserved": "2006-05-30T00:00:00",
"dateUpdated": "2024-08-07T17:58:52.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4497 (GCVE-0-2007-4497)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4497",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3696 (GCVE-0-2008-3696)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3696",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1137 (GCVE-0-2010-1137)
Vulnerability from cvelistv5
Published
2010-04-01 19:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:6863",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:6863",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:6863",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1137",
"datePublished": "2010-04-01T19:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:05.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5671 (GCVE-0-2007-5671)
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5671",
"datePublished": "2008-06-05T20:21:00",
"dateReserved": "2007-10-23T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1361 (GCVE-0-2008-1361)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1361",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2491 (GCVE-0-2007-2491)
Vulnerability from cvelistv5
Published
2007-05-04 00:00
Modified
2024-08-07 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "ADV-2007-1592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1592"
},
{
"name": "40088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "ADV-2007-1592",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1592"
},
{
"name": "40088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "ADV-2007-1592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1592"
},
{
"name": "40088",
"refsource": "OSVDB",
"url": "http://osvdb.org/40088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2491",
"datePublished": "2007-05-04T00:00:00",
"dateReserved": "2007-05-03T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4296 (GCVE-0-2010-4296)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45168"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"name": "69584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45168"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"name": "69584",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45168"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42453"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024820"
},
{
"name": "69584",
"refsource": "OSVDB",
"url": "http://osvdb.org/69584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4296",
"datePublished": "2010-12-06T21:00:00",
"dateReserved": "2010-11-18T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1340 (GCVE-0-2008-1340)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019624"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1340",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-14T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5619 (GCVE-0-2007-5619)
Vulnerability from cvelistv5
Published
2007-10-21 21:00
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5619",
"datePublished": "2007-10-21T21:00:00",
"dateReserved": "2007-10-21T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1363 (GCVE-0-2008-1363)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vmware-config-privilege-escalation(41252)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vmware-config-privilege-escalation(41252)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vmware-config-privilege-escalation(41252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019622"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1363",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4297 (GCVE-0-2010-4297)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \"command injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \"command injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "69590",
"refsource": "OSVDB",
"url": "http://osvdb.org/69590"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45166"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "42480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42480"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"name": "1024820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4297",
"datePublished": "2010-12-06T21:00:00",
"dateReserved": "2010-11-18T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0063 (GCVE-0-2007-0063)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0063",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0177 (GCVE-0-2009-0177)
Vulnerability from cvelistv5
Published
2009-01-20 15:26
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6433",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"refsource": "OSVDB",
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0177",
"datePublished": "2009-01-20T15:26:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0062 (GCVE-0-2007-0062)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0041",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=339561",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34263"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=227135",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0062",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3732 (GCVE-0-2009-3732)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39110"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3732",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2009-10-20T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1141 (GCVE-0-2010-1141)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1141",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2100 (GCVE-0-2008-2100)
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2100",
"datePublished": "2008-06-05T20:21:00",
"dateReserved": "2008-05-07T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1072 (GCVE-0-2009-1072)
Vulnerability from cvelistv5
Published
2009-03-25 01:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35656"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35343"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1072",
"datePublished": "2009-03-25T01:00:00",
"dateReserved": "2009-03-24T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5023 (GCVE-0-2007-5023)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25732"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5023",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-09-21T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0909 (GCVE-0-2009-0909)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0909",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:57:16.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1805 (GCVE-0-2009-1805)
Vulnerability from cvelistv5
Published
2009-06-01 19:00
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1805",
"datePublished": "2009-06-01T19:00:00",
"dateReserved": "2009-05-28T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3694 (GCVE-0-2008-3694)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3694",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4279 (GCVE-0-2008-4279)
Vulnerability from cvelistv5
Published
2008-10-06 18:00
Modified
2024-08-07 10:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
},
{
"name": "32157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32157"
},
{
"name": "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
},
{
"name": "32179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32179"
},
{
"name": "ADV-2008-2740",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name": "32180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name": "vmware-esxesxi-jump-privilege-escalation(45668)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
},
{
"name": "31569",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31569"
},
{
"name": "1020991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020991"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5929",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
},
{
"name": "32157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32157"
},
{
"name": "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
},
{
"name": "32179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32179"
},
{
"name": "ADV-2008-2740",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name": "32180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name": "vmware-esxesxi-jump-privilege-escalation(45668)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
},
{
"name": "31569",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31569"
},
{
"name": "1020991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020991"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5929",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
},
{
"name": "32157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32157"
},
{
"name": "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
},
{
"name": "32179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32179"
},
{
"name": "ADV-2008-2740",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name": "32180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32180"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name": "vmware-esxesxi-jump-privilege-escalation(45668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
},
{
"name": "31569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31569"
},
{
"name": "1020991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020991"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5929",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4279",
"datePublished": "2008-10-06T18:00:00",
"dateReserved": "2008-09-26T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1364 (GCVE-0-2008-1364)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019623"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019623"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019623"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1364",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3695 (GCVE-0-2008-3695)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3695",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3692 (GCVE-0-2008-3692)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3692",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0061 (GCVE-0-2007-0061)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0061",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0967 (GCVE-0-2008-0967)
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "29557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29557"
},
{
"name": "oval:org.mitre.oval:def:4768",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020198"
},
{
"name": "vmware-vmwareauthd-privilege-escalation(42878)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
},
{
"name": "oval:org.mitre.oval:def:5583",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "29557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29557"
},
{
"name": "oval:org.mitre.oval:def:4768",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020198"
},
{
"name": "vmware-vmwareauthd-privilege-escalation(42878)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
},
{
"name": "oval:org.mitre.oval:def:5583",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "29557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29557"
},
{
"name": "oval:org.mitre.oval:def:4768",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
},
{
"name": "30556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020198",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020198"
},
{
"name": "vmware-vmwareauthd-privilege-escalation(42878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
},
{
"name": "oval:org.mitre.oval:def:5583",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
},
{
"name": "3922",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3922"
},
{
"name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0967",
"datePublished": "2008-06-05T20:21:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1564 (GCVE-0-2009-1564)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 05:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:34.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "63614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63614"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "20100409 VMware VMnc Codec Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39363"
},
{
"name": "1023838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-36/"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "63614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63614"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "20100409 VMware VMnc Codec Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39363"
},
{
"name": "1023838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-36/"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-1564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "63614",
"refsource": "OSVDB",
"url": "http://osvdb.org/63614"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "36712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36712"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "20100409 VMware VMnc Codec Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39363"
},
{
"name": "1023838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "http://secunia.com/secunia_research/2009-36/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-36/"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-1564",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2009-05-06T00:00:00",
"dateUpdated": "2024-08-07T05:20:34.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3693 (GCVE-0-2008-3693)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3693",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4811 (GCVE-0-2009-4811)
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://freetexthost.com/qr1tffkzpu",
"refsource": "MISC",
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"name": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html",
"refsource": "MISC",
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4811",
"datePublished": "2010-04-27T15:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1138 (GCVE-0-2010-1138)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"refsource": "OSVDB",
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1138",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:05.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3731 (GCVE-0-2009-3731)
Vulnerability from cvelistv5
Published
2009-12-16 18:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"name": "1023683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023683"
},
{
"name": "62738",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62738"
},
{
"name": "37346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37346"
},
{
"name": "38749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38749"
},
{
"name": "62742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62742"
},
{
"name": "oval:org.mitre.oval:def:5944",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"name": "20100304 CA20100304-01: Security Notice for CA SiteMinder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"name": "62741",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62741"
},
{
"name": "38842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38842"
},
{
"name": "62739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62739"
},
{
"name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"name": "62740",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"name": "1023683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023683"
},
{
"name": "62738",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62738"
},
{
"name": "37346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37346"
},
{
"name": "38749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38749"
},
{
"name": "62742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62742"
},
{
"name": "oval:org.mitre.oval:def:5944",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"name": "20100304 CA20100304-01: Security Notice for CA SiteMinder",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"name": "62741",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62741"
},
{
"name": "38842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38842"
},
{
"name": "62739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62739"
},
{
"name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"name": "62740",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"name": "http://www.webworks.com/Security/2009-0001/",
"refsource": "CONFIRM",
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"name": "1023683",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023683"
},
{
"name": "62738",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62738"
},
{
"name": "37346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37346"
},
{
"name": "38749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38749"
},
{
"name": "62742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62742"
},
{
"name": "oval:org.mitre.oval:def:5944",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"name": "20100304 CA20100304-01: Security Notice for CA SiteMinder",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"name": "62741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62741"
},
{
"name": "38842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38842"
},
{
"name": "62739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62739"
},
{
"name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"name": "62740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3731",
"datePublished": "2009-12-16T18:00:00",
"dateReserved": "2009-10-20T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3589 (GCVE-0-2006-3589)
Vulnerability from cvelistv5
Published
2006-07-19 23:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
},
{
"name": "19060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19060"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "21120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21120"
},
{
"name": "1016536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016536"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
},
{
"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"
},
{
"name": "ADV-2006-2880",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2880"
},
{
"name": "19062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19062"
},
{
"name": "20070110 VMware ESX server security updates",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
},
{
"name": "27418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27418"
},
{
"name": "vmware-vmwareconfig-file-permissions(27881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/2467205"
},
{
"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
},
{
"name": "19060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19060"
},
{
"name": "23680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23680"
},
{
"name": "21120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21120"
},
{
"name": "1016536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016536"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
},
{
"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"
},
{
"name": "ADV-2006-2880",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2880"
},
{
"name": "19062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19062"
},
{
"name": "20070110 VMware ESX server security updates",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
},
{
"name": "27418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27418"
},
{
"name": "vmware-vmwareconfig-file-permissions(27881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/2467205"
},
{
"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
},
{
"name": "19060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19060"
},
{
"name": "23680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23680"
},
{
"name": "21120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21120"
},
{
"name": "1016536",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016536"
},
{
"name": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
},
{
"name": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
},
{
"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"
},
{
"name": "ADV-2006-2880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2880"
},
{
"name": "19062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19062"
},
{
"name": "20070110 VMware ESX server security updates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
},
{
"name": "27418",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27418"
},
{
"name": "vmware-vmwareconfig-file-permissions(27881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"
},
{
"name": "http://kb.vmware.com/kb/2467205",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/2467205"
},
{
"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3589",
"datePublished": "2006-07-19T23:00:00",
"dateReserved": "2006-07-13T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1362 (GCVE-0-2008-1362)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1362",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0910 (GCVE-0-2009-0910)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0910",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:57:16.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3707 (GCVE-0-2009-3707)
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36988"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36988"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36988"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php",
"refsource": "MISC",
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"name": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt",
"refsource": "MISC",
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3707",
"datePublished": "2009-10-16T16:00:00",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3733 (GCVE-0-2009-3733)
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:7822",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "1023089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023089"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "36842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36842"
},
{
"name": "37186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37186"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "1023088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:7822",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "1023089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023089"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "36842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36842"
},
{
"name": "37186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37186"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "1023088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "oval:org.mitre.oval:def:7822",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822"
},
{
"name": "ADV-2009-3062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "1023089",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023089"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "36842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36842"
},
{
"name": "37186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37186"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "1023088",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023088"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3733",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-20T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2267 (GCVE-0-2009-2267)
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023083"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2267",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4917 (GCVE-0-2008-4917)
Vulnerability from cvelistv5
Published
2008-12-09 00:00
Modified
2024-08-07 10:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/1006980"
},
{
"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"
},
{
"name": "32965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/1006986"
},
{
"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"
},
{
"name": "1021301",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021301"
},
{
"name": "1021300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021300"
},
{
"name": "32597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/1006980"
},
{
"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6246",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"
},
{
"name": "32965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/1006986"
},
{
"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"
},
{
"name": "1021301",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021301"
},
{
"name": "1021300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021300"
},
{
"name": "32597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "http://kb.vmware.com/kb/1006980",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/1006980"
},
{
"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6246",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"
},
{
"name": "32965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32965"
},
{
"name": "http://kb.vmware.com/kb/1006986",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/1006986"
},
{
"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"
},
{
"name": "1021301",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021301"
},
{
"name": "1021300",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021300"
},
{
"name": "32597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4917",
"datePublished": "2008-12-09T00:00:00",
"dateReserved": "2008-11-03T00:00:00",
"dateUpdated": "2024-08-07T10:31:28.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4915 (GCVE-0-2008-4915)
Vulnerability from cvelistv5
Published
2008-11-10 11:00
Modified
2024-08-07 10:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6309",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4915",
"datePublished": "2008-11-10T11:00:00",
"dateReserved": "2008-11-03T00:00:00",
"dateUpdated": "2024-08-07T10:31:28.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1142 (GCVE-0-2010-1142)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1142",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4496 (GCVE-0-2007-4496)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25728"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4496",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1193 (GCVE-0-2010-1193)
Vulnerability from cvelistv5
Published
2010-04-01 19:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1193",
"datePublished": "2010-04-01T19:00:00",
"dateReserved": "2010-03-30T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0686 (GCVE-0-2010-0686)
Vulnerability from cvelistv5
Published
2010-04-01 19:00
Modified
2024-08-07 00:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a \"URL forwarding vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a \"URL forwarding vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"name": "[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"name": "1023769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0686",
"datePublished": "2010-04-01T19:00:00",
"dateReserved": "2010-02-22T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1139 (GCVE-0-2010-1139)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39407"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63606"
},
{
"name": "39201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39201"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "1023835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023835"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39407"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63606",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63606"
},
{
"name": "39201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39201"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "1023835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023835"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39407"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "63606",
"refsource": "OSVDB",
"url": "http://osvdb.org/63606"
},
{
"name": "39201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39201"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "1023835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023835"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1139",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1146 (GCVE-0-2009-1146)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1146",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4294 (GCVE-0-2010-4294)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45169"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "69596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69596"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45169"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "69596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69596"
},
{
"name": "1024819",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"name": "45169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45169"
},
{
"name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"name": "69596",
"refsource": "OSVDB",
"url": "http://osvdb.org/69596"
},
{
"name": "1024819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"name": "42482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42482"
},
{
"name": "ADV-2010-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4294",
"datePublished": "2010-12-06T21:00:00",
"dateReserved": "2010-11-18T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1147 (GCVE-0-2009-1147)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5471",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1147",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3698 (GCVE-0-2008-3698)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30936"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3698",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3691 (GCVE-0-2008-3691)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3691",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1244 (GCVE-0-2009-1244)
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"refsource": "OSVDB",
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1244",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-06T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021974 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021974 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en VNnc Codec en VMware Workstation 6.5.x versiones anteriores a v6.5.2 build 156735, VMware Player 2.5.x versiones anteriores a v2.5.2 build 156735, VMware ACE 2.5.x versiones anteriores a v2.5.2 build 156735, y VMware Server 2.0.x versiones anteriores a v2.0.1 build 156745 permite ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un p\u00e1gina web manipulada o fichero de video, tambi\u00e9n conocido como ZDI-CVE-436."
}
],
"id": "CVE-2009-0910",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-06T15:30:04.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-20 16:00
Modified
2025-04-09 00:30
Severity ?
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch | |
| cve@mitre.org | http://osvdb.org/51180 | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://secunia.com/advisories/33372 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34601 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021512 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0024 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/7647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/51180 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33372 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34601 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021512 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0024 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/7647 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 2.5.0 | |
| vmware | fusion | * | |
| vmware | server | 2.0.0 | |
| vmware | vmware_player | * | |
| vmware | vmware_player | 1.0.0 | |
| vmware | vmware_player | 1.0.1 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_player | 1.0.4 | |
| vmware | vmware_player | 1.0.6 | |
| vmware | vmware_player | 1.0.7 | |
| vmware | vmware_player | 1.0.8 | |
| vmware | vmware_player | 1.0.9 | |
| vmware | vmware_player | 1.05 | |
| vmware | vmware_player | 2.0 | |
| vmware | vmware_player | 2.0.1 | |
| vmware | vmware_player | 2.0.2 | |
| vmware | vmware_player | 2.0.3 | |
| vmware | vmware_player | 2.0.4 | |
| vmware | vmware_player | 2.0.5 | |
| vmware | vmware_player | 2.5 | |
| vmware | vmware_workstation | * | |
| vmware | vmware_workstation | 4.5.3 | |
| vmware | vmware_workstation | 5.0 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.1 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.3 | |
| vmware | vmware_workstation | 5.5.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 5.5.6 | |
| vmware | vmware_workstation | 5.5.7 | |
| vmware | vmware_workstation | 5.5.8 | |
| vmware | vmware_workstation | 6.0 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.0.3 | |
| vmware | vmware_workstation | 6.0.4 | |
| vmware | vmware_workstation | 6.0.5 | |
| vmware | vmware_workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4004A38A-01A6-41BE-84EB-1D7C7FAD0214",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "318D5F4B-48C5-4214-B60C-9A2EEEF44835",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFBF6B0-5E0A-4F62-82C7-D9861D0F5F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "43282BF6-665C-4F77-8E95-487523863965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21C496BC-404A-4C23-A0CB-DEE8BB8550A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8EF66E7-ECDA-40F9-9070-5857D2DEF818",
"versionEndIncluding": "6.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0790DFEB-3ADE-4057-BA9D-025BD5F5B477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "433C05BD-1CAC-4F40-9F69-D0333C5F0E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94533C3D-8767-44DB-ABF7-B991C3E47858",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
},
{
"lang": "es",
"value": "En la biblioteca vmwarebase.dll, tal y como es usado en el servicio vmware-authd (tambi\u00e9n se conoce como vmware-authd.exe), en VMware Workstation versi\u00f3n 6.5.1 build 126130, versi\u00f3n 6.5.1 y anteriores; VMware Player versi\u00f3n 2.5.1 build 126130, versi\u00f3n 2.5.1 y anteriores; VMware ACE versi\u00f3n 2.5.1 y anteriores; VMware Server versiones 2.0.x anteriores a 2.0.1 build 156745; y VMware Fusion anterior a versi\u00f3n 2.0.2 build 147997, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando largo (1) USUARIO o (2) PASS."
}
],
"id": "CVE-2009-0177",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-20T16:00:09.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51180"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33372"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34601"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/3755 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1019622 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41252 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019622 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41252 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E913C6E9-454D-4FE7-B22B-F24E194F5CE2",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841FDCE0-8D59-4AE6-8996-5BFD8736DA86",
"versionEndExcluding": "1.0.6",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D86484E-0D38-49BC-9C80-688A83F80345",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "517722B0-4E12-4A3B-A35B-2A88DA6D30A9",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C0BDA4-C4AE-4C91-A8D3-A965CCCE3C2E",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76907A90-590B-4FBA-977E-CCF19F6F405F",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales obtener privilegios mediante una modificaci\u00f3n no especificada del fichero config.ini localizado en la carpeta de Datos de Aplicaci\u00f3n, que puede ser usado para \"secuestrar el proceso VMX\"."
}
],
"id": "CVE-2008-1363",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 21:05
Modified
2025-04-11 00:51
Severity ?
Summary
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | Mailing List, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/69584 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/42453 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/42482 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/514995/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/45168 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1024819 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1024820 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/3116 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/69584 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42453 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42482 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/514995/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45168 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024819 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024820 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3116 | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 | |
| vmware | workstation | 7.1 | |
| vmware | workstation | 7.1.1 | |
| vmware | workstation | 7.1.2 | |
| linux | linux_kernel | - | |
| vmware | player | 3.1 | |
| vmware | player | 3.1.1 | |
| vmware | player | 3.1.2 | |
| linux | linux_kernel | - | |
| vmware | server | 2.0.2 | |
| linux | linux_kernel | - | |
| vmware | fusion | 3.1 | |
| vmware | fusion | 3.1.1 | |
| vmware | fusion | 3.1.2 | |
| apple | mac_os_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "051D820C-E5F4-4DA2-8914-5A33FCFF2D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FFA61C-2258-4006-AECA-D324F5700990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50D2840A-5AF2-4AC4-9243-07CE93E9E9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files."
},
{
"lang": "es",
"value": "vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux, y VMware Fusion 3.1.x anteriores a la 3.1.2 build 332101 no carga apropiadamente las librer\u00edas, lo que permite a los usuarios del SO base escalar privilegios a trav\u00e9s de vectores que involucran ficheros objeto compartidos."
}
],
"id": "CVE-2010-4296",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-06T21:05:49.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/69584"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42453"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45168"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/69584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-10 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000042.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32612 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32624 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/498138/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/32168 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1021154 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/3052 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46415 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000042.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32612 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32624 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/498138/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32168 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021154 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/3052 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46415 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "303FD815-1A0D-41ED-AD0E-91BFC82C6E3B",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "403B0C68-7F85-438C-95E2-5B6FDCF00E7C",
"versionEndIncluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFBA799-7EC3-4DE3-BF3C-FA7C1C1E7632",
"versionEndIncluding": "3.5",
"versionStartIncluding": "2.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44A6CE08-8BAB-4BCC-87AE-FA433CD1AC67",
"versionEndIncluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8737EE-4163-4B99-873A-21FC9748087A",
"versionEndIncluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39E558-D6F4-4271-848C-E87A2CAD4A33",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA048E-E58D-481F-BE83-FF26795A0F7C",
"versionEndIncluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1598C125-3339-4917-BCB6-A7F361887E15",
"versionEndIncluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
},
{
"lang": "es",
"value": "Una vulnerabilidad sin especificar en la emulaci\u00f3n de hardware de CPU en sistemas operativos internos de 32-bit y 64-bit, en VMware Workstation v6.0.5 y anteriores; Player v2.0.x a la v2.0.5 y v1.0.x a la v1.0.8; ACE v2.0.x a la v2.0.5 y anteriores, y v1.0.x a la v1.0.7; Server v1.0.x a la v1.0.7; ESX v2.5.4 a la v3.5; y ESXi v3.5; no maneja de forma adecuada el flag Trap, que permite a usuarios del sistema operativo (SO) hu\u00e9sped obtener privilegios en el SO hu\u00e9sped."
}
],
"id": "CVE-2008-4915",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-10T14:12:55.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32612"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32624"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/25732 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25732 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta (path) de b\u00fasqueda de Windows sin comillas en EMC VMware Workstation versiones anteriores a 5.5.5 Build 56455 y versiones 6.x anteriores a 6.0.1 Build 55017, Player versiones anteriores a 1.0.5 Build 56455 y Player versiones 2 anteriores a 2.0.1 Build 55017, ACE versiones anteriores a 1.0.3 Build 54075 y Server versiones anteriores a 1.0.4 Build 56528, permite a usuarios locales alcanzar privilegios por medio de vectores de ataque no especificados, posiblemente involucrando a un archivo malicioso \"program.exe\" en la carpeta C:."
}
],
"id": "CVE-2007-5023",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019621 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41259 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41259 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios o provocar una denegaci\u00f3n de servicio utilizando la suplantaci\u00f3n del proceso authd a trav\u00e9s de un uso no especificado de una \"tuber\u00eda de nombres creada de forma no segura\", siendo una vulnerabilidad diferente que CVE-2008-1361."
}
],
"id": "CVE-2008-1362",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 21:05
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | Mailing List, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/69585 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/42453 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/42482 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/514995/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/45167 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1024819 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1024820 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/3116 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/69585 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42453 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42482 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/514995/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45167 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024819 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024820 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3116 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 | |
| vmware | workstation | 7.1 | |
| vmware | workstation | 7.1.1 | |
| vmware | workstation | 7.1.2 | |
| linux | linux_kernel | - | |
| vmware | player | 3.1 | |
| vmware | player | 3.1.1 | |
| vmware | player | 3.1.2 | |
| linux | linux_kernel | - | |
| vmware | server | 2.0.2 | |
| linux | linux_kernel | - | |
| vmware | fusion | 3.1 | |
| vmware | fusion | 3.1.1 | |
| vmware | fusion | 3.1.2 | |
| apple | mac_os_x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "051D820C-E5F4-4DA2-8914-5A33FCFF2D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FFA61C-2258-4006-AECA-D324F5700990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50D2840A-5AF2-4AC4-9243-07CE93E9E9B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el proceso de montaje de vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux, y VMware Fusion 3.1.x anteriores a la 3.1.2 build 332101 permite a usuarios del SO anfitri\u00f3n escalar privilegios a trav\u00e9s de vectores que involucran archivos temporales."
}
],
"id": "CVE-2010-4295",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-06T21:05:49.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/69585"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42453"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45167"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/69585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39198 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39394 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023832 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023833 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39394 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023832 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023833 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| microsoft | windows | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 3.0 | |
| microsoft | windows | * | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| microsoft | windows | * | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
},
{
"lang": "es",
"value": "VMware Tools en VMware Workstation v6.5.x anterior v6.5.4 build 246459; VMware Player v2.5.x anterior v2.5.4 build 246459; VMware ACE v2.5.x anterior v2.5.4 build 246459; VMware Server v2.x anterior v2.0.2 build 203138; VMware Fusion v2.x anterior v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX v2.5.5, v3.0.3, v3.5, y v4.0 no cargan adecuadamente los programas VMware, lo que puede permitir a usuarios de petici\u00f3n de sistemas operativos Windows obtener privilegios estableciendo un troyano en una direcci\u00f3n no especificada en el disco de petici\u00f3n OS."
}
],
"id": "CVE-2010-1142",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.710",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-09 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://kb.vmware.com/kb/1006980 | Patch, Vendor Advisory | |
| cve@mitre.org | http://kb.vmware.com/kb/1006986 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32965 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1021300 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://securitytracker.com/id?1021301 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/498863/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/498886/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/32597 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.vmware.com/kb/1006980 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.vmware.com/kb/1006986 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32965 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021300 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021301 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/498863/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/498886/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32597 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA6F7DC-90D0-40C4-A8CA-765125102DD3",
"versionEndIncluding": "3.5",
"versionStartIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44A6CE08-8BAB-4BCC-87AE-FA433CD1AC67",
"versionEndIncluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8737EE-4163-4B99-873A-21FC9748087A",
"versionEndIncluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE92595D-2632-432D-A705-B1F21FA2AE4C",
"versionEndIncluding": "1.0.9",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA048E-E58D-481F-BE83-FF26795A0F7C",
"versionEndIncluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1598C125-3339-4917-BCB6-A7F361887E15",
"versionEndIncluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en VMware Workstation v5.5.8 y anteriores, y v6.0.5 y anteriores, versiones v6.x; VMware Player v1.0.8 y anteriores, y v2.0.5 y versiones anteriores a v2.x; VMware Server v1.0.9 y anteriores; VMware ESXi v3.5; y VMware ESX v3.0.2 a la v3.5, permite a los usuarios del sistema operativo hu\u00e9sped tener un impacto desconocido mediante el env\u00edo de una petici\u00f3n de hardware que lanza una operaci\u00f3n de escritura f\u00edsica de la memoria, permitiendo una corrupci\u00f3n de memoria."
}
],
"id": "CVE-2008-4917",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-09T00:30:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.vmware.com/kb/1006980"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.vmware.com/kb/1006986"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32965"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1021300"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1021301"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32597"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.vmware.com/kb/1006980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.vmware.com/kb/1006986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1021300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1021301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019624 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/28289 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41250 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019624 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41250 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
},
{
"lang": "es",
"value": "Virtual Machine Communication Interface (VMCI) en VMware Workstation versiones 6.0.x anteriores a 6.0.3, VMware Player versiones 2.0.x anterirores a 2.0.3, y VMware ACE versiones 2.0.x anteriores a 2.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema operativo del servidor) mediante llamadas VMCI especialmente construidas que provocan el agotamiento y la corrupci\u00f3n de la memoria."
}
],
"id": "CVE-2008-1340",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019624"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| cve@mitre.org | http://secunia.com/advisories/36988 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | ||
| cve@mitre.org | http://secunia.com/advisories/39215 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1022997 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36630 | ||
| cve@mitre.org | http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt | URL Repurposed | |
| cve@mitre.org | http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php | URL Repurposed | |
| cve@mitre.org | http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html | Exploit, URL Repurposed | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36988 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022997 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36630 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.5.4 | |
| vmware | ace | 2.6 | |
| vmware | ace | 2.6.1 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 3.0 | |
| vmware | player | 3.0.1 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.4 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB84B42-8C68-4B65-93F9-287B699B7540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3997440A-B731-4F26-A90B-BB14A8F93E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "VMware Authentication Daemon versi\u00f3n 1.0 en el archivo vmware-authd.exe en el Servicio de Autorizaci\u00f3n de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del proceso) por medio de una secuencia de \\x25\\xFF en los comandos USER y PASS, relacionada con un problema de \"format string DoS\". NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2009-3707",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-16T16:30:00.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36988"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39215"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022997"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-21 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70570166-46AD-46EB-9B1E-769068AAA6EE",
"versionEndIncluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en VMware Server versiones anteriores a 1.0.4 causa que las contrase\u00f1as de usuario se registren en texto sin cifrar en los registros del servidor, lo que podr\u00eda permitir a usuarios locales alcanzar privilegios."
}
],
"id": "CVE-2007-5619",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-21T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25728 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25728 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4028C2-4A8A-41E3-9B58-5E48CEFC7F99",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC VMware Workstation anterior a 5.5.5 construcci\u00f3n 56455 and 6.x anterior a 6.0.1 construcci\u00f3n 55017, Player anterior a 1.0.5 construcci\u00f3n 56455 and Player 2 anterior a 2.0.1 construcci\u00f3n 55017, ACE anterior a 1.0.3 construcci\u00f3n 54075 and ACE 2 anterior a 2.0.1 construcci\u00f3n 55017, and Server anterior a 1.0.4 construcci\u00f3n 56528 permite a usuarios validados con privilegios de administrador sobre un sistema operativo invitado corromper su memoria y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n sobre el sistema operativo alojador a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-4496",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.5,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/30556 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/3922 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1020200 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/29552 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | Permissions Required | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30556 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3922 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020200 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29552 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | esx_server | 3.0 | |
| vmware | esx_server | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C67E8ABD-4BC9-4A68-A1A8-517574B54FBB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B407FC-39E6-4504-AA38-28F45B10B462",
"versionEndIncluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE184CF-CD55-4F32-9294-A680A4DD3870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AE1C86-62E7-470E-BB1B-1AAEE3192D91",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "093FA9F6-A59D-4C09-B133-002573AB05BA",
"versionEndIncluding": "1.0.6",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "318E110E-C2E3-4332-BD84-7ABBFBF2309B",
"versionEndIncluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC0931F-7BB8-4CFD-9533-A62367661810",
"versionEndIncluding": "1.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E456E5A-C2F5-4FA1-94F0-2BBD81A766D5",
"versionEndIncluding": "5.5.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED2686-C461-4C16-A50F-D56E369879CC",
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema hu\u00e9sped, ejecutar c\u00f3digo arbitrario en el sistema anfitri\u00f3n a trav\u00e9s de vectores no espec\u00edficos.\r\n"
}
],
"id": "CVE-2008-2100",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-05T20:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 21:05
Modified
2025-04-11 00:51
Severity ?
Summary
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | ||
| cve@mitre.org | http://osvdb.org/69590 | ||
| cve@mitre.org | http://secunia.com/advisories/42480 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/42482 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/514995/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/45166 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1024819 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1024820 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/3116 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/69590 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42480 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42482 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/514995/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45166 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024819 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024820 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3116 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.5 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 | |
| vmware | workstation | 7.1 | |
| vmware | workstation | 7.1.1 | |
| vmware | workstation | 7.1.2 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 2.5.5 | |
| vmware | player | 3.1 | |
| vmware | player | 3.1.1 | |
| vmware | player | 3.1.2 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 2.0.6 | |
| vmware | fusion | 2.0.7 | |
| vmware | fusion | 2.0.8 | |
| vmware | fusion | 3.1 | |
| vmware | fusion | 3.1.1 | |
| vmware | fusion | 3.1.2 | |
| vmware | server | 2.0.2 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.1 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esx | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A172221-19AB-4F7D-AA28-94AD5A6EFBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "80003D5E-B63F-4635-94ED-706375A4F86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C47EB8-8844-4D49-9246-008F7AE45C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C27806A-7AC9-4B7A-97EA-602FDB1C96CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "90CA88D9-52D8-4365-9DEB-7FB36A6A86A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "051D820C-E5F4-4DA2-8914-5A33FCFF2D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FFA61C-2258-4006-AECA-D324F5700990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50D2840A-5AF2-4AC4-9243-07CE93E9E9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a \"command injection\" issue."
},
{
"lang": "es",
"value": "La funcionalidad actualizar de VMware Tools en VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548; VMware Player 2.5.x anteriores a la 2.5.5 build 328052 y 3.1.x anteriores a la 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x anteriores a la 2.0.8 build 328035 y 3.1.x anteriores a la 3.1.2 build 332101; VMware ESXi 3.5, 4.0, y 4.1; y VMware ESX 3.0.3, 3.5, 4.0, y 4.1 permite a los usuarios del SO base escalar privilegios en el SO invitado a trav\u00e9s de vectores sin especificar. Relacionado con inyecciones de comandos."
}
],
"id": "CVE-2010-4297",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-06T21:05:49.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/69590"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42480"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45166"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/69590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-21 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/28289 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28289 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAB76F0-194A-49C2-9B11-40626D5FE144",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E09F612-579E-43BA-95C6-7D910A0CFA56",
"versionEndExcluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2",
"versionEndExcluding": "5.5.5",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs."
},
{
"lang": "es",
"value": "Una ruta de b\u00fasqueda en Windows sin cerrar las comillas en el servicio Authorization y en otros servicios en el VMware Player 1.0.x anterior al 1.0.5 y el 2.0 anterior al 2.0.1, en el VMware Server anterior al 1.0.4; y en el Workstation 5.x anterior al 5.5.5 y el 6.x anterior al 6.0.1, puede permitir a usuarios locales obtener privilegios a trav\u00e9s de programas maliciosos."
}
],
"id": "CVE-2007-5618",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-21T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, y CVE-2008-3696."
}
],
"id": "CVE-2008-3695",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| PSIRT-CNA@flexerasoftware.com | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| PSIRT-CNA@flexerasoftware.com | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/36712 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/39206 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/39215 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2009-37/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://www.osvdb.org/63615 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/39364 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securitytracker.com/id?1023838 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36712 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2009-37/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/63615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39364 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023838 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | movie_decoder | 6.5.3 | |
| microsoft | windows | * | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\""
},
{
"lang": "es",
"value": "vmnc.dll en el codec multimedia VMnc anteriores a v6.5.4 Build 246459 en Windows, y el decodificados de video en VMware Workstation v6.5.x anteriores a v6.5.4 build 246459, VMware Player v2.5.x anteriores a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a traves de un fichero avi con trozos de v\u00eddeo codificado HexTile manipulado lo que inicia un desbordamiento de b\u00fafer de memoria din\u00e1mica, relacionado con los errores de truncado de entero."
}
],
"id": "CVE-2009-1565",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-12T18:30:00.383",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36712"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-37/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.osvdb.org/63615"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/39364"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-37/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/63615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-02 10:18
Modified
2025-04-03 01:03
Severity ?
Summary
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://securitytracker.com/id?1016200 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/435709/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/18236 | ||
| cve@mitre.org | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2104 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26879 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016200 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435709/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18236 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26879 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges."
}
],
"id": "CVE-2006-2662",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-02T10:18:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016200"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/435709/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18236"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2104"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/435709/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-01 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/39037 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023769 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39037 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023769 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess en VMware Server 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con mensajes de error JSQN."
}
],
"id": "CVE-2010-1193",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-01T19:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-25 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34422 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/34432 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/34786 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35121 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35185 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35343 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35390 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35394 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35656 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/37471 | Broken Link | |
| cve@mitre.org | http://thread.gmane.org/gmane.linux.kernel/805280 | Broken Link | |
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1800 | Third Party Advisory | |
| cve@mitre.org | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 | Broken Link | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/03/23/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-1081.html | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/34205 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-793-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0802 | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34422 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34432 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34786 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35121 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35185 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35343 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35390 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35394 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35656 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://thread.gmane.org/gmane.linux.kernel/805280 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1800 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/03/23/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1081.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34205 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-793-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0802 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.1 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| vmware | vcenter_server | 4.0 | |
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| microsoft | windows | - | |
| vmware | server | 2.0.0 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2735F338-6C83-49C7-8DA0-E4754BE828E4",
"versionEndExcluding": "2.6.28.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
},
{
"lang": "es",
"value": "nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petici\u00f3n de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opci\u00f3n root_squash."
}
],
"id": "CVE-2009-1072",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-25T01:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html .\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed.\n\nFor further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ .",
"lastModified": "2009-09-10T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019621 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.3 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA04700-CF35-43CA-AD4E-BB93E206FDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios mediante una manipulaci\u00f3n no espec\u00edfica que causa que el proceso authd conecte con un nombre de tuber\u00eda de su elecci\u00f3n, siendo una vulnerabilidad diferente que CVE-2008-1362."
}
],
"id": "CVE-2008-1361",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
| cve@mitre.org | http://secunia.com/advisories/31708 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/30935 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1020789 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44796 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30935 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44796 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | server | 1.0.1_build_29996 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4_build_56528 | |
| vmware | vmware_server | * | |
| vmware | vmware_server | 1.0 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_server | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*",
"matchCriteriaId": "87489138-7756-453C-A149-F2C4F95EFF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36F800DA-B1AF-469E-AE41-D3D46813EFB3",
"versionEndIncluding": "1.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "025EC5A6-E4DF-421F-911B-BD15FBF2A3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request."
},
{
"lang": "es",
"value": "Una extensi\u00f3n ISAPI sin especificar en VMware Server versiones anteriores a 1.0.7 build 108231 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda IIS) a trav\u00e9s de peticiones mal formadas."
}
],
"id": "CVE-2008-3697",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30935"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020789"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-12 15:20
Modified
2025-04-09 00:30
Severity ?
Summary
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2009/03/11/2 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/33758 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/37471 | Broken Link | |
| secalert@redhat.com | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 | Broken Link | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0326.html | Broken Link | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/34084 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id?1021958 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=485163 | Exploit, Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/49199 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215 | Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/03/11/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33758 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0326.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34084 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021958 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=485163 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49199 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8.1 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11.1 | |
| linux | linux_kernel | 2.6.11.2 | |
| linux | linux_kernel | 2.6.11.3 | |
| linux | linux_kernel | 2.6.11.4 | |
| linux | linux_kernel | 2.6.11.5 | |
| linux | linux_kernel | 2.6.11.6 | |
| linux | linux_kernel | 2.6.11.7 | |
| linux | linux_kernel | 2.6.11.8 | |
| linux | linux_kernel | 2.6.11.9 | |
| linux | linux_kernel | 2.6.11.10 | |
| linux | linux_kernel | 2.6.11.11 | |
| linux | linux_kernel | 2.6.11.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12.1 | |
| linux | linux_kernel | 2.6.12.2 | |
| linux | linux_kernel | 2.6.12.3 | |
| linux | linux_kernel | 2.6.12.4 | |
| linux | linux_kernel | 2.6.12.5 | |
| linux | linux_kernel | 2.6.12.6 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13.1 | |
| linux | linux_kernel | 2.6.13.2 | |
| linux | linux_kernel | 2.6.13.3 | |
| linux | linux_kernel | 2.6.13.4 | |
| linux | linux_kernel | 2.6.13.5 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14.1 | |
| linux | linux_kernel | 2.6.14.2 | |
| linux | linux_kernel | 2.6.14.3 | |
| linux | linux_kernel | 2.6.14.4 | |
| linux | linux_kernel | 2.6.14.5 | |
| linux | linux_kernel | 2.6.14.6 | |
| linux | linux_kernel | 2.6.14.7 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15.1 | |
| linux | linux_kernel | 2.6.15.2 | |
| linux | linux_kernel | 2.6.15.3 | |
| linux | linux_kernel | 2.6.15.4 | |
| linux | linux_kernel | 2.6.15.5 | |
| linux | linux_kernel | 2.6.15.6 | |
| linux | linux_kernel | 2.6.15.7 | |
| linux | linux_kernel | 2.6.15.8 | |
| linux | linux_kernel | 2.6.15.9 | |
| linux | linux_kernel | 2.6.15.10 | |
| linux | linux_kernel | 2.6.15.11 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16.1 | |
| linux | linux_kernel | 2.6.16.2 | |
| linux | linux_kernel | 2.6.16.3 | |
| linux | linux_kernel | 2.6.16.4 | |
| linux | linux_kernel | 2.6.16.5 | |
| linux | linux_kernel | 2.6.16.6 | |
| linux | linux_kernel | 2.6.16.7 | |
| linux | linux_kernel | 2.6.16.8 | |
| linux | linux_kernel | 2.6.16.9 | |
| linux | linux_kernel | 2.6.16.10 | |
| linux | linux_kernel | 2.6.16.11 | |
| linux | linux_kernel | 2.6.16.12 | |
| linux | linux_kernel | 2.6.16.13 | |
| linux | linux_kernel | 2.6.16.14 | |
| linux | linux_kernel | 2.6.16.15 | |
| linux | linux_kernel | 2.6.16.16 | |
| linux | linux_kernel | 2.6.16.17 | |
| linux | linux_kernel | 2.6.16.18 | |
| linux | linux_kernel | 2.6.16.19 | |
| linux | linux_kernel | 2.6.16.20 | |
| linux | linux_kernel | 2.6.16.21 | |
| linux | linux_kernel | 2.6.16.22 | |
| linux | linux_kernel | 2.6.16.23 | |
| linux | linux_kernel | 2.6.16.24 | |
| linux | linux_kernel | 2.6.16.25 | |
| linux | linux_kernel | 2.6.16.26 | |
| linux | linux_kernel | 2.6.16.27 | |
| linux | linux_kernel | 2.6.16.28 | |
| linux | linux_kernel | 2.6.16.29 | |
| linux | linux_kernel | 2.6.16.30 | |
| linux | linux_kernel | 2.6.16.31 | |
| linux | linux_kernel | 2.6.16.32 | |
| linux | linux_kernel | 2.6.16.33 | |
| linux | linux_kernel | 2.6.16.34 | |
| linux | linux_kernel | 2.6.16.35 | |
| linux | linux_kernel | 2.6.16.36 | |
| linux | linux_kernel | 2.6.16.37 | |
| linux | linux_kernel | 2.6.16.38 | |
| linux | linux_kernel | 2.6.16.39 | |
| linux | linux_kernel | 2.6.16.40 | |
| linux | linux_kernel | 2.6.16.41 | |
| linux | linux_kernel | 2.6.16.42 | |
| linux | linux_kernel | 2.6.16.43 | |
| linux | linux_kernel | 2.6.16.44 | |
| linux | linux_kernel | 2.6.16.45 | |
| linux | linux_kernel | 2.6.16.46 | |
| linux | linux_kernel | 2.6.16.47 | |
| linux | linux_kernel | 2.6.16.48 | |
| linux | linux_kernel | 2.6.16.49 | |
| linux | linux_kernel | 2.6.16.50 | |
| linux | linux_kernel | 2.6.16.51 | |
| linux | linux_kernel | 2.6.16.52 | |
| linux | linux_kernel | 2.6.16.53 | |
| linux | linux_kernel | 2.6.16.54 | |
| linux | linux_kernel | 2.6.16.55 | |
| linux | linux_kernel | 2.6.16.56 | |
| linux | linux_kernel | 2.6.16.57 | |
| linux | linux_kernel | 2.6.16.58 | |
| linux | linux_kernel | 2.6.16.59 | |
| linux | linux_kernel | 2.6.16.60 | |
| linux | linux_kernel | 2.6.16.61 | |
| linux | linux_kernel | 2.6.16.62 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17.1 | |
| linux | linux_kernel | 2.6.17.2 | |
| linux | linux_kernel | 2.6.17.3 | |
| linux | linux_kernel | 2.6.17.4 | |
| linux | linux_kernel | 2.6.17.5 | |
| linux | linux_kernel | 2.6.17.6 | |
| linux | linux_kernel | 2.6.17.7 | |
| linux | linux_kernel | 2.6.17.8 | |
| linux | linux_kernel | 2.6.17.9 | |
| linux | linux_kernel | 2.6.17.10 | |
| linux | linux_kernel | 2.6.17.11 | |
| linux | linux_kernel | 2.6.17.12 | |
| linux | linux_kernel | 2.6.17.13 | |
| linux | linux_kernel | 2.6.17.14 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18.1 | |
| linux | linux_kernel | 2.6.18.2 | |
| linux | linux_kernel | 2.6.18.3 | |
| linux | linux_kernel | 2.6.18.4 | |
| linux | linux_kernel | 2.6.18.5 | |
| linux | linux_kernel | 2.6.18.6 | |
| linux | linux_kernel | 2.6.18.7 | |
| linux | linux_kernel | 2.6.18.8 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19.1 | |
| linux | linux_kernel | 2.6.19.2 | |
| linux | linux_kernel | 2.6.19.3 | |
| linux | linux_kernel | 2.6.19.4 | |
| linux | linux_kernel | 2.6.19.5 | |
| linux | linux_kernel | 2.6.19.6 | |
| linux | linux_kernel | 2.6.19.7 | |
| linux | linux_kernel | 2.6.20 | |
| linux | linux_kernel | 2.6.20 | |
| linux | linux_kernel | 2.6.20.1 | |
| linux | linux_kernel | 2.6.20.2 | |
| linux | linux_kernel | 2.6.20.3 | |
| linux | linux_kernel | 2.6.20.4 | |
| linux | linux_kernel | 2.6.20.5 | |
| linux | linux_kernel | 2.6.20.6 | |
| linux | linux_kernel | 2.6.20.7 | |
| linux | linux_kernel | 2.6.20.8 | |
| linux | linux_kernel | 2.6.20.9 | |
| linux | linux_kernel | 2.6.20.10 | |
| linux | linux_kernel | 2.6.20.11 | |
| linux | linux_kernel | 2.6.20.12 | |
| linux | linux_kernel | 2.6.20.13 | |
| linux | linux_kernel | 2.6.20.14 | |
| linux | linux_kernel | 2.6.20.15 | |
| linux | linux_kernel | 2.6.20.16 | |
| linux | linux_kernel | 2.6.20.17 | |
| linux | linux_kernel | 2.6.20.18 | |
| linux | linux_kernel | 2.6.20.19 | |
| linux | linux_kernel | 2.6.20.20 | |
| linux | linux_kernel | 2.6.20.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21.1 | |
| linux | linux_kernel | 2.6.21.2 | |
| linux | linux_kernel | 2.6.21.3 | |
| linux | linux_kernel | 2.6.21.4 | |
| linux | linux_kernel | 2.6.21.5 | |
| linux | linux_kernel | 2.6.21.6 | |
| linux | linux_kernel | 2.6.21.7 | |
| linux | linux_kernel | 2.6.22 | |
| linux | linux_kernel | 2.6.22 | |
| linux | linux_kernel | 2.6.22.1 | |
| linux | linux_kernel | 2.6.22.2 | |
| linux | linux_kernel | 2.6.22.3 | |
| linux | linux_kernel | 2.6.22.4 | |
| linux | linux_kernel | 2.6.22.5 | |
| linux | linux_kernel | 2.6.22.6 | |
| linux | linux_kernel | 2.6.22.7 | |
| linux | linux_kernel | 2.6.22.8 | |
| linux | linux_kernel | 2.6.22.9 | |
| linux | linux_kernel | 2.6.22.10 | |
| linux | linux_kernel | 2.6.22.11 | |
| linux | linux_kernel | 2.6.22.12 | |
| linux | linux_kernel | 2.6.22.13 | |
| linux | linux_kernel | 2.6.22.14 | |
| linux | linux_kernel | 2.6.22.15 | |
| linux | linux_kernel | 2.6.22.16 | |
| linux | linux_kernel | 2.6.22.17 | |
| linux | linux_kernel | 2.6.22.18 | |
| linux | linux_kernel | 2.6.22.19 | |
| linux | linux_kernel | 2.6.22.20 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23.1 | |
| linux | linux_kernel | 2.6.23.2 | |
| linux | linux_kernel | 2.6.23.3 | |
| linux | linux_kernel | 2.6.23.4 | |
| linux | linux_kernel | 2.6.23.5 | |
| linux | linux_kernel | 2.6.23.6 | |
| linux | linux_kernel | 2.6.23.8 | |
| linux | linux_kernel | 2.6.23.9 | |
| linux | linux_kernel | 2.6.23.10 | |
| linux | linux_kernel | 2.6.23.11 | |
| linux | linux_kernel | 2.6.23.12 | |
| linux | linux_kernel | 2.6.23.13 | |
| linux | linux_kernel | 2.6.23.14 | |
| linux | linux_kernel | 2.6.23.15 | |
| linux | linux_kernel | 2.6.23.16 | |
| linux | linux_kernel | 2.6.23.17 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24.1 | |
| linux | linux_kernel | 2.6.24.2 | |
| linux | linux_kernel | 2.6.24.3 | |
| linux | linux_kernel | 2.6.24.4 | |
| linux | linux_kernel | 2.6.24.5 | |
| linux | linux_kernel | 2.6.24.6 | |
| vmware | vcenter | 4.0 | |
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| microsoft | windows | - | |
| vmware | server | 2.0.0 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4298B94-7040-4CC0-8933-61CE1D967FB7",
"versionEndIncluding": "2.6.24.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*",
"matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*",
"matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*",
"matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*",
"matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*",
"matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*",
"matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*",
"matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*",
"matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*",
"matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*",
"matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*",
"matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8220D81-9065-471F-9256-CFE7B9941555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81941077-0011-4272-A8C7-21D0AFE7DECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB445E3E-CCBD-4737-BE30-841B9A79D558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9B2EDDD7-5B3E-45AA-BC42-A6FF516B8F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "02F89C7A-24F2-4518-A605-78A5B7056A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2C43BA02-0686-42F0-B901-4CB88459E2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5301E27-8021-467C-A9A2-AF2137EF0299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59393187-1D1E-45CD-BE0E-385F978E4834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D0CCDF6B-0365-4553-B161-3F6D68A58F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A9B2BB71-0489-40F6-9CB6-A95B96E92106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "842ECCE2-60F0-41C0-9EAA-A43AF97F61AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79787868-2D77-4B55-AD61-C2B357CCE047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05F0391C-D4CC-4652-A24C-DC47F4C3DC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "56340FF9-EE77-4EB3-9720-240FAAEF39F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "79EB0E94-6AE8-4703-96BD-B927E0F2893F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3F27D3-8F1D-4576-A584-1E2059CC67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8A1F1242-0F07-4D81-9175-3BA5B2C7B564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3ECBCF2E-95B3-4BE9-9B93-6390AB578C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1CF4EC75-06A2-4BD4-A39A-183F00C46E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5D260C-AE1C-47E9-A88C-B9C2B4349249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0934C49-5F88-4189-BD88-2F32C39C2F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DFC3618C-FBE8-4F7C-BECE-F2CDDF785599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A6501752-2595-4412-9140-C78EB9FD41CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9958C6-AB7D-4B67-9AA7-42B628CBC391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14B0A230-4054-4483-A3A7-9A5A286C7552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D78F881-DB3A-423A-8DAD-314645B2B3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D77D4CC4-7008-4E6F-A8CA-62DA244BB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C16E3D04-EC66-41FD-9CFA-FE0C21952CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F90242EF-048B-4539-AA41-87AA84875A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C4E9325-2A70-4E15-9AAF-5588BF218055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "01402A85-B681-4DE0-B7BB-F52567DA29E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "70D1E088-5A9B-4CBF-A4FF-969201942CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "455E647F-73DD-400A-AA19-3D93FE2E57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B812DFE2-6FFA-4D31-839C-0CCB2B1310EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC106BDA-2EA4-41A2-AA01-6352A5C255B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB515243-7519-4CA4-9267-D9A6798CBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B672E1B6-E8E9-473F-853F-906EA56D712E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "0EA23C4F-0848-4680-ACB0-CBC57D3F8C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDE1E92-C64D-4A3B-95A2-384BD772B28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F727CD3-D3C2-4648-9EC5-092DF3F73B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4B130EB7-A951-4717-A906-E2F602F7B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D1765065-ABE5-478C-9ACC-EFFA8E4A7043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8DE0233-BE28-4C0A-B9FB-2157F41F8D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2422569B-02ED-4028-83D8-D778657596B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E66E4653-1A55-4827-888B-E0776E32ED28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6C8994CB-7F94-43FB-8B84-06AEBB34EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "95DD4647-564E-4067-A945-F52232C0A33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD39A7A-9172-4B85-B8FE-CEB94207A897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35F5C369-6BFB-445F-AA8B-6F6FA7C33EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81DE32C2-5B07-4812-9F88-000F5FB000C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02EED3D5-8F89-4B7F-A34B-52274B1A754F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F87AA89-F377-4BEB-B69F-809F5DA6176C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C27AF62E-A026-43E9-89E6-CD807CE9DF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79C2AE0E-DAE8-4443-B33F-6ABA9019AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D343B121-C007-49F8-9DE8-AA05CE58FF0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7936B7EE-9CD1-4698-AD67-C619D0171A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A2AA2D-5183-4C49-A59D-AEB7D9B5A69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0370A2-0A23-4E34-A2AC-8D87D051B0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5738D628-0B2D-4F56-9427-2009BFCB6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "169446DE-67F8-4738-91FE-ED8058118F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7BF3B2-CCD1-4D39-AE9C-AB24ABA57447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "860F9225-8A3F-492C-B72B-5EFFB322802C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19DFB4EF-EA1F-4680-9D97-2FDFAA4B4A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "57E23724-2CA4-4211-BB83-38661BE7E6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B0688B3F-F8F2-4C62-B7A3-08F9FDCE7A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3896C4A6-C2F6-47CE-818A-7EB3DBF15BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6143DC1F-D62E-4DB2-AF43-30A07413D68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "93F0834D-C5EA-4C96-8D6C-3123ECF78F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1784CBC-BEAF-48E5-95A4-2A4BD5F9F1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "31523E67-5E4F-43F7-9410-20CB3F287DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5D9F976B-1328-40FE-A1F2-C1DF3F836604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "9B627DE3-2702-4EB2-9733-253D315FB594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "10E1B011-8D20-448E-9DD5-023DD30D1FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:*:*:*:*:*:*",
"matchCriteriaId": "2A29A4BC-0442-458E-A874-BF0D0F2870FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298266AB-2A36-4606-BF80-2185FC56C4D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2658CA-56C2-494F-AC42-618EC413CBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD34526D-F2CC-44C5-991D-B1E41C327860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F0B900-34E9-4545-B7AE-AF0A4363EACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B36F432D-FED1-4B8D-A458-BEDEEF306AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5220F0FE-C4CC-4E75-A16A-4ADCABA7E8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "04F25DE0-CA8E-4F57-87A5-C30D89CC9E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F87F764B-4097-44FA-B96E-A5DA75E31F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D7025803-C679-44DB-ADEE-864E6CAAD9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:*:*:*:*:*:*",
"matchCriteriaId": "24B879D6-4631-49A8-9366-75577DFB755D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:*:*:*:*:*:*",
"matchCriteriaId": "C5B76C21-70C8-4911-A24B-270F876EF7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25379B32-D898-4E44-A740-978A129B5E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90F8F2-9549-413D-9676-3EF634D832B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "915E64EF-6EEC-4DE2-A285-5F3FCE389645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "585BEE46-088A-494E-8E18-03F33F6BBEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF35478-B292-4A00-B985-CEEDE8B212C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6E85846A-61BE-4896-B4A6-42A7E1DBA515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3B925-031D-4F6D-915A-A16F0FFA878C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7344B707-6145-48BA-8BC9-9B140A260BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "390B1E09-7014-4A74-834C-806BBEBAF6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FEF02479-2124-4655-A38D-A4793D3B8A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0FB5CF04-B5B6-4DFB-B051-61EDA257019F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A89DC9CD-C06F-4B9B-B376-900E65016296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc5:*:*:*:*:*:*",
"matchCriteriaId": "15BED7A7-3E96-43EF-8B6F-3C94897C3AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8C6FCAC4-B6C6-4125-B3AC-F30407AA7738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:*:*:*:*:*:*",
"matchCriteriaId": "707ECC75-65B6-4B02-BE85-A4804549A2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCEA98-C708-4E1E-B189-E6F96D28F07A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B753112-CCDE-4870-AA97-4AAA2946421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79B3AFE7-F4FF-4144-9046-E5926E305A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7616E197-ACCA-4191-A513-FD48417C7F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1AA7FC-F5B9-406C-ABE4-0BE5E9889619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE2F94D-E8E0-4BB7-A910-378012580025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "66F5AE3B-B701-4579-B44A-0F7A4267852E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DE04AF35-7A3B-45B0-A00F-2EF31910A2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D0ADF183-E519-4A99-910D-1F34E61B9EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4090E02D-1928-4003-91A4-7A422CCDAFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBB1A21-3826-4BC5-A243-AF8F8D1D4728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1369C4A-EF3B-4805-9046-ADA38ED940C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC3639E1-B5E4-4DD6-80D4-BA07D192C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*",
"matchCriteriaId": "54393D69-B368-4296-9798-D81570495C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6791A801-9E06-47DD-912F-D8594E2F6B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*",
"matchCriteriaId": "AE90CCED-3A5B-46E3-A6B0-4865AB786289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*",
"matchCriteriaId": "CBFF6DE7-6D7C-469A-9B2D-2F6E915F55B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86E452E4-45A9-4469-BF69-F40B6598F0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5751AC4-A60F-42C6-88E5-FC8CFEE6F696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF886A6-7E73-47AD-B6A5-A9EC5BEDCD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48777A01-8F36-4752-8F7A-1D1686C69A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42DA6A18-5AA1-4920-94C6-8D0BB73C5352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "992EA5DE-5A5B-4782-8B5A-BDD8D6FB1E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F0211-2D3E-4260-AD63-E83AE4EC4AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4E1245-C6BB-462C-9E27-C608595DAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "747F1324-AEFA-496F-9447-12CD13114F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "795C3B17-687E-4F33-AA99-8FEC16F14693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BDD5C7-9B6A-41B5-8679-5062B8A6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "190D5E2C-AD60-41F4-B29D-FB8EA8CB5FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B81A4DD-2ADE-4455-B517-5E4E0532D5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD589CC-666B-4FAA-BCF0-91C484BDDB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD622EE-A840-42E1-B6BF-4AA27D039B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*",
"matchCriteriaId": "900D6742-DE0F-45C5-A812-BF84088CB02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*",
"matchCriteriaId": "225CA94C-8C84-4FA6-95D0-160A0016FBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D88ED3C4-64C5-44B2-9F23-E16087046C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB31E5-190C-489A-AB30-910D2CC854F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4A781A-4A41-466F-8426-10B40CF8BA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED29B3F-456B-4767-8E59-8C19A3B7E1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F6316369-B54A-4E59-A022-E0610353B284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*",
"matchCriteriaId": "073C3CE0-E12D-4545-8460-5A1514271D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*",
"matchCriteriaId": "670FAA25-A86F-4E04-A3A0-0B3FF6CF9C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB33DEA-13C7-4B36-AB8A-ED680679A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*",
"matchCriteriaId": "86DD0FCC-BB12-410D-8C82-AB99C7C5311E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*",
"matchCriteriaId": "83700989-8820-48DA-A9FE-6A77DF1E8439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9F4CEC-7781-468B-B460-4F487B7C6601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*",
"matchCriteriaId": "67C75A62-8807-4821-9362-1E0D63C0A1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*",
"matchCriteriaId": "894D4812-D62F-489E-8D0E-5E9468CE8EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F92E01-4F08-4364-9E87-FFBC095E32E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*",
"matchCriteriaId": "F9960640-F02D-4E81-A34B-1893D8FD7F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D00DAD-4F2D-45C7-B87C-85118D9DD855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*",
"matchCriteriaId": "0C398D26-7132-4A6E-9003-77246644451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED2DA2-2516-42E9-8A33-0FA64BF51DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FF425F00-41BA-4F59-A0DE-6362A1E9A142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*",
"matchCriteriaId": "33577E79-1B6E-406D-A49B-2CEF1754F5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*",
"matchCriteriaId": "8B21D90E-5172-485E-87AC-F1681604AD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F6822-92BF-43F5-8B3E-8BAF9E9A320D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*",
"matchCriteriaId": "641EECFD-A985-4026-A53A-10FBE47EAD91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*",
"matchCriteriaId": "47595F81-2083-4236-A0B0-E2B98DD78402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5FC758-5A5D-466A-8386-5FC469F79F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.43:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCA5C83-5293-4107-8E6A-85F82ECF2C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.44:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D0AADC-BC34-40FB-BD69-37981DC8E971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.45:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA7EAC4-7696-41CE-8EE9-3E39DE226BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.46:*:*:*:*:*:*:*",
"matchCriteriaId": "12547B6B-78F1-4426-81CE-5F208794658C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.47:*:*:*:*:*:*:*",
"matchCriteriaId": "38429E64-276B-46D4-AACD-05349D6F6615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.48:*:*:*:*:*:*:*",
"matchCriteriaId": "E89640F8-313B-4A36-A591-36645D1EF838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.49:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0271F0-41F2-4096-8C91-DAD1A81AF855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.50:*:*:*:*:*:*:*",
"matchCriteriaId": "7A40DCBB-B41B-468E-A918-6EA3F9A125E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.51:*:*:*:*:*:*:*",
"matchCriteriaId": "921B6A54-85E3-4867-8EDF-93EB86BAFBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A2C6F1-ED7E-4E51-BE72-BD744D554EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.53:*:*:*:*:*:*:*",
"matchCriteriaId": "2B004CF1-0ACC-441C-9F61-9B20504F4ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.54:*:*:*:*:*:*:*",
"matchCriteriaId": "04B42F06-AC6D-40F3-BC03-5126BED48F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.55:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8002C7-19E2-4F20-890E-4BA2029174D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.56:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC90C2-AED0-4EAF-B5E8-DE75961DA26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.57:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DA9C54-742C-4057-8BAB-18755B4A42D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.58:*:*:*:*:*:*:*",
"matchCriteriaId": "84BBE8BE-EAE8-4F7A-85BD-94BBF64F30EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.59:*:*:*:*:*:*:*",
"matchCriteriaId": "53037B40-D534-41D1-9895-8EDB0D884C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5549096F-C640-463E-AD07-FD8D254CC098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.61:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DCAF19-879C-42BB-B56A-84504E79758A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.62:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8ED186-B0FE-4AAC-9B20-DFAD75D7F677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "980A6C7D-6175-4A44-8377-74AA7A9FD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C226902-04D9-4F32-866C-20225841ECF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C6EDD210-6E7B-4BD8-96C2-2C22FEE7DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "655DB612-AF49-4C17-AFB9-2E33EE8E0572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*",
"matchCriteriaId": "7EE30F34-EE81-4E1E-BF9F-A7A36B78B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E1F65DF2-2794-47B7-9676-CCF150683CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3068F-2F64-4BBC-BA3C-FB56A2FBED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6555D45B-D3B3-4455-AB1E-E513F9FB6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA5E262-7825-496F-AA72-0AD6DE6F3C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56C6C01B-4CED-4F37-A415-0603496C27DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E62F6FA-6C96-4AEE-8547-8C2FE1FAD998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3ACE7A-A600-4ABB-B988-5D59D626DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2F839622-3DE1-4A16-8BD2-5FA2CBF014D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47887B-5608-47BE-85EE-563864461915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AF39E62B-EAB4-44B0-A421-2A71B7DD8341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "809264F1-763D-4A8F-B206-222332DD8732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A66ED53E-3139-4972-B027-D614BFFB8628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "85A3AB7A-1959-4A57-B83D-B2753C43649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB7FA3-727D-4BB9-937C-F4F5DA97FFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A60B265-5508-4EE0-980A-44BB0966FD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*",
"matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CBC56-C820-4513-ABEC-1ABB3EFC3A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338BB401-8831-4094-9186-2B3CFA5903D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E32E6BA-AFEF-44A8-B230-87DD043BB222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F69E575B-BD1A-4E50-8D6F-131D5E08058E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6269B-5F6B-4413-B14D-7AE5442E4CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "189D1246-F975-4411-A58B-343ED90485FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B914F7F-C6BD-4527-B1E9-7FD1E337A18C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "82EC9FCA-D17D-4CB9-B925-E8F8B68F8FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4ED4E9DD-DDAD-46A8-9AD2-9CAE406F7575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8D97ED16-D6B7-4445-889C-4D6DE2EDC49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B2C2D5D4-9A4B-4CDF-8D71-D22EB5E97D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DFFB2843-A867-48EC-97D7-B106C7BBAED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6554469E-F6AE-4EB0-880E-CBFD196FEE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F99CFC1-DCCE-47B9-98EF-84AEDAECE02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C20367B0-F722-4442-8B59-ABB0FEDB8CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB1E1A8B-6FA1-45AD-B034-EC34884527DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3313D5-52E8-49B3-B145-170D9A26DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3A5FD5-4C42-4B00-8473-D5650FAED9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "480F035A-A59D-4113-A246-DF108BB2F591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30D39E29-B2A0-4075-84AF-994C27AB0A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19879317-B067-45DA-B497-21EBDDDC2521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D220C745-28AD-4D04-B2D2-A090D229206E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC5B3A6-6CD5-448D-B910-3BAD15FDC3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AF8895-7BF8-458E-B2BB-68699AABC023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CA768A9D-6C63-405E-9D14-5D68F8E93A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF495E58-DA6C-402D-B381-4929CB8A502B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA794BE8-1A22-4BF8-AB79-53E7BCE60D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A591301C-C30F-44AC-90F0-709A18AA96E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D2606B-00A6-4FA3-A00D-B1E8A80B947C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*",
"matchCriteriaId": "610A93BB-70E3-4BF1-83E8-8A7388477F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.15:*:*:*:*:*:*:*",
"matchCriteriaId": "821BD11F-3C6A-4424-BC9B-DFD786248B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*",
"matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*",
"matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*",
"matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A29C44-EBE5-42B0-AFAD-C5A8F6EEF2F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "50B422D1-6C6E-4359-A169-3EED78A1CF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git1:*:*:*:*:*:*",
"matchCriteriaId": "C8CBD2D9-3765-40B2-A056-D71BE750CC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git2:*:*:*:*:*:*",
"matchCriteriaId": "A8F4D967-ED04-42EA-8B3E-36301D39D651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git3:*:*:*:*:*:*",
"matchCriteriaId": "C498EE89-7F07-4B1E-90E6-5897E6B04670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git4:*:*:*:*:*:*",
"matchCriteriaId": "708656AF-92AE-4EAF-AF19-F457DB04ADB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git5:*:*:*:*:*:*",
"matchCriteriaId": "3B263AB8-74A4-4C73-915C-A02724C24B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git6:*:*:*:*:*:*",
"matchCriteriaId": "A96D739B-9E8B-4D2F-9DED-4C9B313473CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*",
"matchCriteriaId": "4ACDEFEE-B946-4232-8BD5-A9F7AA84ED85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*",
"matchCriteriaId": "247E13CB-9B11-4B64-80AD-C0F8482CCC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*",
"matchCriteriaId": "903FE5D3-A9FB-466D-833B-448233BB0803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*",
"matchCriteriaId": "958EDC43-0848-4D93-9D07-6A085A5940B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AD35F21D-0A28-4C14-BCF5-8EDA760701C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:*",
"matchCriteriaId": "3AAD8BE9-A05B-40E8-80DF-0B2878968BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD2E9DC-2876-4515-BCE6-DDD0CC6A5708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F19064-CFBF-4B3C-A0A1-CE62265CD592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3F0CEC-B8FA-47E3-BA3E-182F43D3DA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB759752-DC19-4750-838B-056063EFDC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D123AAFE-3F17-45C4-9382-BA392FD022C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F320FA9F-C13D-4AA3-B838-A0E5D63E6A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B179CF1D-084D-4B21-956F-E55AC6BDE026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1B4877-286A-44B5-9C5C-0403F75B2BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*",
"matchCriteriaId": "432CA976-6EFA-4D34-B5EA-CD772D067F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E476195-657E-416E-BC16-44A18B06A133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*",
"matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*",
"matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3F26BA18-08AD-45FE-9F83-25CCB2E27270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*",
"matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF566DA-0F04-48DA-AA40-565979C55328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*",
"matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0E249774-CE05-43D5-A5A3-7CCE24BB2AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8D42BA44-C69B-4170-9867-CABF93CA9BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5140380C-71BD-464F-AE53-1814C2653056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B18EC0A7-8616-4039-B98B-E1216E035B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22FB141B-FA2A-435D-8937-83FC0669CB20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C59131C8-F66A-4380-9F6E-3FC14C7C8562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5421616-4BF5-4269-8996-C3D2BA6AE2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23FC6CE2-8717-4558-A309-A441D322F00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CE87D1BC-A72D-42D2-A93C-67A5823BEB14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAC2E9D-0E82-4866-9046-ADD448418198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "760FB32D-9795-4B29-B79A-A32B5E70F7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFF67E9-B0C2-48D5-BB3A-CF21D10010FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5881A78C-D162-4DE5-8353-2BB1EC1F428B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B13D81D2-1A89-4E61-A90C-5E8BB880310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*",
"matchCriteriaId": "67F2047A-5F17-4B59-9075-41A5DC5C1CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9887E-2466-4C73-A8E1-2117492F9EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE5B27-2EF0-464E-8F14-5E809D84D389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*",
"matchCriteriaId": "815B2EE8-136F-44E4-997D-5F93A54775DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "085259B8-9D41-42B0-B32B-66B8D365F106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9A12DE15-E192-4B90-ADB7-A886B3746DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FF6588E7-F4FA-40F5-8945-FC7B6094376E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*",
"matchCriteriaId": "AE87E13E-ACF7-4F74-8938-729F3B0D694C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D4965A12-1BBA-4494-A5C1-43E0C0F48C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52152F5A-1833-4490-A373-9C547B90B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B64A095E-5E97-445E-B435-F09983CC0E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8035F93-9DEE-4B92-ABAA-4ABE0B71BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE92406-DBF3-463E-8A51-F9679E851FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C60D19B-ED9B-443C-9D49-002ABD381119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "264C61EE-64F6-43AD-B54F-7D683C29E64F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B31894-78E7-41A6-857C-D7A0C1C52838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
},
{
"lang": "es",
"value": "La funci\u00f3n icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Cach\u00e9 de Destino (alias DST) en alguna situaci\u00f3n que involucra transmisi\u00f3n de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegaci\u00f3n de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a \"rt_cache leak.\""
}
],
"id": "CVE-2009-0778",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-12T15:20:49.780",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33758"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34084"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0326.html .",
"lastModified": "2009-05-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021977 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021977 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un ioctl de hcmon.sys de VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y anteriores y VMware Server en sus versiones v1.0.x anteriores a v1.0.9 build 156507 y v2.0.x en sus versiones anteriores a v2.0.1 build 156745. Permite a usuarios locales provocar una denegaci\u00f3n de servicio (DOS) a trav\u00e9s de vectores de ataque desconocidos utilizando una vulnerabilidad distinta a la especificada en CVE-2008-3761."
}
],
"id": "CVE-2009-1146",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-06T15:30:04.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000055.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/53634 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502615/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34471 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1022031 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0006.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49834 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000055.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/53634 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502615/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34471 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022031 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49834 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | fusion | 1.0 | |
| vmware | fusion | 1.1 | |
| vmware | fusion | 1.1.1 | |
| vmware | fusion | 1.1.2 | |
| vmware | fusion | 1.1.3 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 1.0.9 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78322B97-DBE0-4C7E-9826-11727254500E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BA4159-EBBA-4326-A672-23322377781B",
"versionEndIncluding": "2.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "942B4ED3-A68E-4106-A98B-FA7CD3505140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDA2CE1-E26E-4347-BD60-2764A19F5E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2B503A45-D9F3-414D-9BFA-C58B1E81A39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D09AC-7D9B-4150-86BC-19F44F6F2CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53FBB074-4EAC-4CEC-AFC5-33C66B135F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "525D50A3-2943-4B96-B354-F81F814A7707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en la funci\u00f3n de pantalla de m\u00e1quina virtual de en VMware Workstation v6.5.1 y anteriores; VMware Player v2.5.1 y anteriores; VMware ACE v2.5.1 y anteriores; VMware Server v1.x antes de la v1.0.9 build 156507 y v2.x antes de v2.0.1 build 156745; VMware Fusion antes de la v2.0.4 build 159196; VMware ESXi 3.5 y VMware ESX v3.0.2, v3.0.3 y v3.5 permite ejecutar, a los usuarios invitados, c\u00f3digo arbitrario en el sistema operativo anfitri\u00f3n a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a la CVE-2008-4916."
}
],
"id": "CVE-2009-1244",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-13T16:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53634"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/63606 | ||
| cve@mitre.org | http://secunia.com/advisories/39201 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39215 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39407 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023835 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/63606 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39201 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39407 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023835 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| linux | linux_kernel | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| linux | linux_kernel | * | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 2.0.6 | |
| vmware | vix_api | 1.6.0 | |
| vmware | vix_api | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C47EB8-8844-4D49-9246-008F7AE45C60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FDEEE1-BC47-4EE6-A56B-C7626D554019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98918409-9F58-4FBC-B5C1-4015B5E3C0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a trav\u00e9s de especificadores de formato de cadenas en los metadatos de proceso."
}
],
"id": "CVE-2010-1139",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63606"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39201"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39407"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023835"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33101 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33101 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.0.2 | |
| vmware | esx | 2.1.3 | |
| vmware | esx | 2.5.3 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE329FB-74A5-4D8C-B5D5-C6063CAAB479",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B87BD440-71B2-4D1C-B22A-A661D01928C0",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02269212-A8EE-4BB2-8C6E-122953AAFB83",
"versionEndExcluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2",
"versionEndExcluding": "5.5.5",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "796BEFD3-F30A-4397-BC3E-1156DE47CA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F768C-5549-4498-8C5D-13BC5046B721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01BB3005-A185-4701-945E-8E14A23A016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
},
{
"lang": "es",
"value": "El servidor DHCP en EMC VMware Workstation anterior a 5.5.5 construcci\u00f3n 56455 y 6.x anterior a 6.0.1 construcci\u00f3n 55017, Player anterior a 1.0.5 construcci\u00f3n 56455 y Player 2 anterior a2.0.1 construcci\u00f3n 55017, ACE anterior a1.0.3 construcci\u00f3n 54075 y ACE 2 anterior a2.0.1 construcci\u00f3n 55017, y Server anterior a 1.0.4 construcci\u00f3n 56528 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3na trav\u00e9s de un paquete malformado que dispara \"corrupci\u00f3n de memoria basado en pila\"."
}
],
"id": "CVE-2007-0061",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-01 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39037 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023769 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39037 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023769 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| vmware | server | 1.0 | |
| vmware | esx_server | 3.0.3 | |
| vmware | esx_server | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C69FB3ED-9E8B-47A7-A326-1CE03B0EB62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess in VMware VirtualCenter 2.0.2 y 2.5 y en VMware ESX 3.0.3 y 3.5 y en Server Console en VMware Server 1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el nombre de una m\u00e1quina virtual."
}
],
"id": "CVE-2010-1137",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-01T19:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/37186 | Broken Link | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1023088 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://securitytracker.com/id?1023089 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507523/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/36842 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3062 | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37186 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023088 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023089 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507523/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36842 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3062 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.1_build_29996 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.4_build_56528 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 1.0.9 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*",
"matchCriteriaId": "87489138-7756-453C-A149-F2C4F95EFF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D09AC-7D9B-4150-86BC-19F44F6F2CA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en VMware Server v1.x anteriores a v1.0.10 build 203137 y v2.x anteriores a v2.0.2 build 203138 en Linux, VMware ESXi v3.5 y VMware ESX v3.0.3 y v3.5 permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores de ataque sin especificar."
}
],
"id": "CVE-2009-3733",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37186"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023088"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023089"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36842"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1023089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021974 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021974 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en VNnc Codec en VMware Workstation v6.5.x anteriores a v6.5.2 build 156735, VMware Player v2.5.x anteriores a v2.5.2 build 156735, VMware ACE v2.5.x anteriores a v2.5.2 build 156735, y VMware Server v2.0.x anteriores a v2.0.1 build 156745 permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de p\u00e1ginas web manipuladas o archivos de v\u00eddeo, tambi\u00e9n conocida como ZDI-CVE-435."
}
],
"id": "CVE-2009-0909",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-06T15:30:04.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 21:05
Modified
2025-04-11 00:51
Severity ?
Summary
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | ||
| cve@mitre.org | http://osvdb.org/69596 | ||
| cve@mitre.org | http://secunia.com/advisories/42482 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/514995/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/45169 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1024819 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/3116 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000112.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/69596 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42482 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/514995/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/45169 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1024819 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3116 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | movie_decoder | * | |
| vmware | movie_decoder | 6.5.3 | |
| vmware | movie_decoder | 6.5.4 | |
| vmware | movie_decoder | 7.0 | |
| vmware | movie_decoder | 7.1.2 | |
| microsoft | windows | * | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.4 | |
| vmware | workstation | 6.5.5 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 | |
| vmware | workstation | 7.1 | |
| vmware | workstation | 7.1.1 | |
| vmware | workstation | 7.1.2 | |
| microsoft | windows | * | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 2.5.5 | |
| vmware | player | 3.0 | |
| vmware | player | 3.0.1 | |
| vmware | player | 3.1 | |
| vmware | player | 3.1.1 | |
| vmware | player | 3.1.2 | |
| microsoft | windows | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88CDD5BD-D31E-4C47-81B6-674DD61263CC",
"versionEndIncluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "91A02B59-86A1-4C48-AF2D-A7A05B9B75EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B55938DF-073D-4D0E-822B-B6D122511EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6375DE2F-5D82-432F-8C2E-1AD5590801EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A172221-19AB-4F7D-AA28-94AD5A6EFBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "80003D5E-B63F-4635-94ED-706375A4F86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file."
},
{
"lang": "es",
"value": "La funcionalidad de descompresi\u00f3n de tramas (\"frames\") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tama\u00f1o sin especificar, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria din\u00e1mica) a trav\u00e9s de un archivo de v\u00eddeo modificado."
}
],
"id": "CVE-2010-4294",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-12-06T21:05:49.373",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/69596"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45169"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/69596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-16 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000073.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/38749 | ||
| cve@mitre.org | http://secunia.com/advisories/38842 | ||
| cve@mitre.org | http://securitytracker.com/id?1023683 | ||
| cve@mitre.org | http://www.osvdb.org/62738 | ||
| cve@mitre.org | http://www.osvdb.org/62739 | ||
| cve@mitre.org | http://www.osvdb.org/62740 | ||
| cve@mitre.org | http://www.osvdb.org/62741 | ||
| cve@mitre.org | http://www.osvdb.org/62742 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/509883/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/37346 | Patch | |
| cve@mitre.org | http://www.webworks.com/Security/2009-0001/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000073.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38842 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023683 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62739 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62740 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/62742 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/509883/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37346 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webworks.com/Security/2009-0001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webworks | epublisher | 9.0 | |
| webworks | epublisher | 9.1 | |
| webworks | epublisher | 9.2 | |
| webworks | epublisher | 9.3 | |
| webworks | epublisher | 2008.1 | |
| webworks | epublisher | 2008.2 | |
| webworks | epublisher | 2008.3 | |
| webworks | epublisher | 2008.4 | |
| webworks | epublisher | 2009.1 | |
| webworks | epublisher | 2009.2 | |
| webworks | help | 2.0 | |
| webworks | help | 3.0 | |
| webworks | help | 4.0 | |
| webworks | help | 5.0 | |
| webworks | publisher | 6.0 | |
| webworks | publisher | 7.0 | |
| webworks | publisher | 8.0 | |
| webworks | publisher | 2003 | |
| vmware | vcenter | 4.0 | |
| microsoft | windows | * | |
| vmware | esx_server | 4.0 | |
| vmware | lab_manager | 2.0 | |
| vmware | server | 2.0.2 | |
| vmware | stage_manager | * | |
| vmware | stage_manager | 1.0 | |
| vmware | vcenter_lab_manager | 3.0 | |
| vmware | vcenter_lab_manager | 3.0.1 | |
| vmware | vcenter_lab_manager | 3.0.2 | |
| vmware | vcenter_lab_manager | 4.0 | |
| vmware | vcenter_stage_manager | 1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webworks:epublisher:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0152043F-D767-431B-ADCF-154C43F3FB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63A601BB-625C-41AD-888D-A8FC43621E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "477AD476-65A3-4901-8A51-0EC4BD1407D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B5DDB8-B5F9-4F5A-8CA6-457EAC55C940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2008.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F3B683-43E8-47E1-A156-B8B5B78F140E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2008.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A80FBF8-39B1-485F-83F6-48E1AE50E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2008.3:*:*:*:*:*:*:*",
"matchCriteriaId": "328F3A49-3A14-486F-82C5-BD3CBF91C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2008.4:*:*:*:*:*:*:*",
"matchCriteriaId": "984EAE97-3457-4ED7-AB2C-88CDFADCEDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2009.1:*:*:*:*:*:*:*",
"matchCriteriaId": "951EB18F-72AD-4984-8521-A241B51532D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:epublisher:2009.2:*:*:*:*:*:*:*",
"matchCriteriaId": "663DA7E2-02D8-4EDE-8BD9-55D318C80261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:help:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C61DC8-4E65-4DDE-8718-BD55EF293F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:help:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFAF1F7-0F12-483A-AAF6-A186B96089A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:help:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4F0F35-2597-4350-BF95-9B289C6B5BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:help:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0E0770-2B8E-4F34-B311-572546DF42C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:publisher:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18F068C7-4ACB-40ED-BCFC-D9ABC531FD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:publisher:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B072DD95-C59E-40BB-A037-3044E8C5A928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:publisher:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20AC0582-144C-4A65-A0EC-333819958D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webworks:publisher:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB09974-DE62-4C4C-8AC5-84E5FED80341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B31894-78E7-41A6-857C-D7A0C1C52838",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25395564-5FFF-40BC-BE82-21FA9214EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:lab_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35E0F13A-6576-4388-B382-9EF6F5C340C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:stage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F98A2B29-348C-4142-8D86-89E7FD3531AB",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:stage_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21FBEF2D-D9E0-47D5-9B36-6D0049C51A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_lab_manager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD3006F-B84C-43C8-B451-64ECBF6A3656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_lab_manager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E308D2-12B1-411D-B4AC-8F6CE964A951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_lab_manager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6985CAE9-0FB0-4D5E-A227-010B09A5EE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_lab_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE62CE8-9951-472F-AFD3-6858B2E6FB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_stage_manager:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB621E8-4E4B-410A-B57B-1B788442ED3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) wwhelp_entry.html alcanzable a trav\u00e9s d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) par\u00e1metros desconocidos y (b) mensajes usados en los enlaces de \"topic\" para la funcionalidad de marcadores."
}
],
"id": "CVE-2009-3731",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-16T18:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38749"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38842"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023683"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62738"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62739"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62740"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62741"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62742"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37346"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque remotos desconocidos, una vulnerabilidad diferente a CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3691",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-01 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/35269 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/35141 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022300 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1452 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35269 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35141 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022300 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1452 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.3_build_54075 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.1_build_55017 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | fusion | 2.0 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | * | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.1_build_29996 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.4_build_56528 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.1_build_5289 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0 | |
| vmware | workstation | 5.0.0_build_13124 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.5_build_56455 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.1_build_55017 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6602F-EF25-4E20-B4AA-955C026F7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "9D438AB9-825C-4A9B-A3FF-55F2E5743B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78322B97-DBE0-4C7E-9826-11727254500E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4004A38A-01A6-41BE-84EB-1D7C7FAD0214",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B24C0071-58F9-4971-951B-7AA12294F7D9",
"versionEndIncluding": "1.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*",
"matchCriteriaId": "87489138-7756-453C-A149-F2C4F95EFF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*",
"matchCriteriaId": "25F1481E-A07D-4913-BCF3-630561F0FBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F9694-8556-4990-A867-592D6A927498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
"matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53FBB074-4EAC-4CEC-AFC5-33C66B135F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "525D50A3-2943-4B96-B354-F81F814A7707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:42958:*:*:*:*:*:*",
"matchCriteriaId": "559D2177-ECB9-4AFF-A8B4-BCB47A1B4637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*",
"matchCriteriaId": "B27D214D-2BEF-4445-802A-5E02E9E5E5CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "0692E537-A36E-470B-BECE-A17D531B925C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el controlador VMware Descheduled Time Accounting en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y anteriores, VMware Server v1.x anteriores a v1.0.9 build 156507 y v2.x anteriores a v2.0.1 build 156745, VMware Fusion v2.x anteriores a v2.0.2 build 147997, VMware ESXi v3.5, y VMware ESX v3.0.2, v3.0.3, y v3.5, cuando el servicio Descheduled Time Accounting no se est\u00e1 ejecutando, permite a usuarios invitados del sistema operativo en Windows provocar una denegaci\u00f3n de servicio mediante vectores desconocidos."
}
],
"id": "CVE-2009-1805",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-01T19:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35269"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022300"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no espeficada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server before 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3693",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 | ||
| cve@mitre.org | http://secunia.com/advisories/30556 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3922 | ||
| cve@mitre.org | http://securitytracker.com/id?1020198 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/29557 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/42878 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30556 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3922 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020198 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29557 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42878 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | esx_server | 2.5.5 | |
| vmware | esx_server | 3.1 | |
| vmware | esx_server | 3.2 | |
| vmware | esx_server | 3.3 | |
| vmware | esx_server | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_server | 1.0.5 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 5.5.6 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.0.3 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 6.0 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| vmware | esx | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4346ED-5837-4784-8D87-6C148BA4AAA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15063D48-B55F-41C4-8AE3-CB96F1F1BB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D40A48BB-A2E5-4D27-8E11-DE9D1CF08FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en vmware-authd en VMware Workstation versi\u00f3n 5.x anterior a 5.5.7 build 91707 y versi\u00f3n 6.x anterior a 6.0.4 build 93057, VMware Player versi\u00f3n 1.x anterior a 1.0.7 build 91707 y versi\u00f3n 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versi\u00f3n 3.5 y VMware ESX versi\u00f3n 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opci\u00f3n de path library en un archivo de configuraci\u00f3n."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2008-0967",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-05T20:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020198"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29557"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-04 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/40088 | ||
| cve@mitre.org | http://taviso.decsystem.org/virtsec.pdf | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1592 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40088 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://taviso.decsystem.org/virtsec.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1592 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337."
},
{
"lang": "es",
"value": "El subsitema de administraci\u00f3n de alimentaci\u00f3n PIIX4 en EMC VMware Workstation 5.5.3.34685 y VMware Server 1.0.1.29996 permite a usuarios locales escribir en posiciones de memoria de su elecci\u00f3n mediante un escritura en memoria (poke) manipulada en el puerto de entrada/salida 0x1004, disparando una denegaci\u00f3n de servicio (ca\u00edda de m\u00e1quina virtual) u otro impacto no especificado, tema relacionado en CVE-2007-1337."
}
],
"id": "CVE-2007-2491",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-04T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40088"
},
{
"source": "cve@mitre.org",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1592"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019623 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28289 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41254 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019623 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41254 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servicio DHCP en VMware Workstation versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 1.0.x anteriores a 1.0.5, VMware Server versiones 1.0.x anteriores a 1.0.5, y VMware Fusion versiones 1.1.x anteriores a 1.1.1 permite a atacantes provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2008-1364",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019623"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3692",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=227135 | ||
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | ||
| cve@mitre.org | http://secunia.com/advisories/26890 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31396 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34263 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200808-05.xml | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0041 | ||
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:153 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/501759/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | ||
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=339561 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33102 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=227135 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31396 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34263 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-05.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:153 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501759/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=339561 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33102 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0.3 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.4 | |
| vmware | player | 2.0 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
},
{
"lang": "es",
"value": "Un desbordamiento enteros en el dhcpd ISC versi\u00f3n 3.0.x anterior a 3.0.7 y versi\u00f3n 3.1.x anterior a 3.1.1; y el servidor DHCP en EMC VMware Workstation anterior a versi\u00f3n 5.5.5 Build 56455 y versi\u00f3n 6.x anterior a 6.0.1 Build 55017, Player anterior a versi\u00f3n 1.0.5 Build 56455 y Player 2 anterior a versi\u00f3n 2.0.1 Build 55017, ACE anterior a versi\u00f3n 1.0.3 Build 54075 y ACE 2 anterior a versi\u00f3n 2.0.1 Build 55017, y Server versi\u00f3n 1.0.4 56528; permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) o ejecutar c\u00f3digo arbitrario por medio de un paquete DHCP con formato inapropiado con un gran tama\u00f1o de mensaje m\u00e1ximo dhcp que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, relacionado con servidores configurados para enviar muchas opciones DHCP a clientes."
}
],
"id": "CVE-2007-0062",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31396"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34263"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39198 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023832 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023833 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023832 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023833 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| microsoft | windows | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 3.0 | |
| microsoft | windows | * | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| microsoft | windows | * | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
},
{
"lang": "es",
"value": "VMware Tools en VMware Workstation v6.5.x before v6.5.4 build v246459; VMware Player v2.5.x anterior a v2.5.4 build 246459; VMware ACE v2.5.x anterior a v2.5.4 build 246459; VMware Server v2.x anterior a v2.0.2 build 203138; VMware Fusion v2.x anterior a v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX 2.5.5, 3.0.3, 3.5, y 4.0 no accede adecuadamente a las bibliotecas de acceso, lo cual permite a atacantes remotos ayudados por usuarios ejecutar c\u00f3digo a su elecci\u00f3n al enga\u00f1ar a un usuario en un cliente Windows OS a hacer clic en un archivo que se almacena en un recurso compartido de red."
}
],
"id": "CVE-2010-1141",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-12T18:30:00.663",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://kb.vmware.com/kb/2467205 | ||
| cve@mitre.org | http://secunia.com/advisories/21120 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/23680 | ||
| cve@mitre.org | http://securitytracker.com/id?1016536 | ||
| cve@mitre.org | http://www.osvdb.org/27418 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/440583/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/441082/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/456546/100/200/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19060 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19062 | ||
| cve@mitre.org | http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html | ||
| cve@mitre.org | http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html | ||
| cve@mitre.org | http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html | ||
| cve@mitre.org | http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2880 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27881 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.vmware.com/kb/2467205 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21120 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23680 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016536 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/27418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440583/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/441082/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/456546/100/200/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19060 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19062 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2880 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27881 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0E3A11-F411-4653-96ED-05ECE4DCF401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9A9E09-959A-4A99-A25C-09AA4FA646D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A348CABB-CD52-4C55-9653-154C75605CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA74505A-3550-4646-B2D6-6E6D0924023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7632C2AE-4B59-4B17-8A6B-C1D05C2824FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC77D81A-12AA-4948-9970-9461289DC648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54A10ABE-E778-4133-B1AA-05FE6829A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2CB97F9-9DF6-4493-A245-F4901F4DD22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C862131A-64D8-4C2D-815F-19971D63AF00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."
},
{
"lang": "es",
"value": "vmware-config.pl en VMware for Linux, ESX Server 2.x, y Infrastructure 3 no valida el c\u00f3digo de retorno desde la llamada a la funci\u00f3n Perl chmod, lo cual podr\u00eda permitir un fichero llave SSL sea creado con una umask no segura que permite a usuarios locales leer o modificar la llave SSL."
}
],
"id": "CVE-2006-3589",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-21T14:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.vmware.com/kb/2467205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016536"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27418"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19060"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19062"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2880"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.vmware.com/kb/2467205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 | ||
| cve@mitre.org | http://secunia.com/advisories/30556 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3922 | ||
| cve@mitre.org | http://securitytracker.com/id?1020197 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493148/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493172/100/0/threaded | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30556 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3922 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020197 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493148/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493172/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | esx_server | 2.5.5 | |
| vmware | player | 1.0.4 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_player | 1.0.0 | |
| vmware | vmware_player | 1.0.1 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_player | 1.0.5 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| vmware | esx | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
},
{
"lang": "es",
"value": "HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia \\\\.\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios."
}
],
"id": "CVE-2007-5671",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-05T20:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020197"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021976 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.3_build_54075 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.1_build_55017 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.1_build_5289 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0_build_13124 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.5_build_56455 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.1_build_55017 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 | |
| vmware | workstation | 6.5.1 | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | server | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1A5C22-A89A-4B6B-9108-8C3678BBBC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6602F-EF25-4E20-B4AA-955C026F7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "9D438AB9-825C-4A9B-A3FF-55F2E5743B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*",
"matchCriteriaId": "25F1481E-A07D-4913-BCF3-630561F0FBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F9694-8556-4990-A867-592D6A927498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
"matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:42958:*:*:*:*:*:*",
"matchCriteriaId": "559D2177-ECB9-4AFF-A8B4-BCB47A1B4637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*",
"matchCriteriaId": "B27D214D-2BEF-4445-802A-5E02E9E5E5CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "0692E537-A36E-470B-BECE-A17D531B925C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el archivo vmci.sys en la Virtual Machine Communication Interface (VMCI) en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE 2.5.1 y anteriores, y VMware Server v2.0.x anteriores a v2.0.1 build 156745 permite a los usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-1147",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-06T15:30:04.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021976"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/29503 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43062 | VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/6345 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29503 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43062 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/6345 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en un cierto control ActiveX en el COM API de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del navegador) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una llamada al m\u00e9todo GuestInfo en el cual hay un argumento de cadena largo, y un asignamiento de un valor de cadena largo al resultado de esa llamada.\r\nNOTA: esto puede superponerse a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, o CVE-2008-3696."
}
],
"id": "CVE-2008-3892",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6345"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, y CVE-2008-3695."
}
],
"id": "CVE-2008-3696",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://freetexthost.com/qr1tffkzpu | Exploit, URL Repurposed | |
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html | Exploit | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36630 | Exploit | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://freetexthost.com/qr1tffkzpu | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36630 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.5.4 | |
| vmware | ace | 2.6 | |
| vmware | ace | 2.6.1 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 3.0 | |
| vmware | player | 3.0.1 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.4 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB84B42-8C68-4B65-93F9-287B699B7540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3997440A-B731-4F26-A90B-BB14A8F93E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "VMware Authentication Daemon 1.0 en vmware-authd.exe en VMware Authorization Service en VMware Workstation 7.0 en versiones anteriores a la 7.0.1 build 227600 y 6.5.x en versiones anteriores a la 6.5.4 build 246459, VMware Player 3.0 en versiones anteriores a la 3.0.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459, VMware ACE 2.6 en versiones anteriores a la 2.6.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459 y VMware Server 2.x permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) mediante una secuencia \\x25\\x90 en los comandos USER y PASS, un problema relacionado con CVE-2009-3707. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2009-4811",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-27T15:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-06 19:54
Modified
2025-04-09 00:30
Severity ?
Summary
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html | Third Party Advisory | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=122331139823057&w=2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32157 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32179 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32180 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/497041/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/31569 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020991 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0016.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2740 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/45668 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=122331139823057&w=2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32157 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32179 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32180 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/497041/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31569 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020991 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0016.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2740 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/45668 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F29FCDD4-79B7-4047-997D-0AB10226072D",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC7AFE3-A672-43B2-A77A-8C240198029B",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C75330AD-47BB-408C-A407-3685891A98BF",
"versionEndIncluding": "3.5",
"versionStartIncluding": "2.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address."
},
{
"lang": "es",
"value": "La emulaci\u00f3n de hardware de CPU para sistemas operativos invitados de 64 bits en VMware Workstation versi\u00f3n 6.0.x anterior a 6.0.5 build 109488 y versi\u00f3n 5.x anterior a 5.5.8 build 108000; Player versi\u00f3n 2.0.x anterior a 2.0.5 build 109488 y versi\u00f3n 1.x anterior a 1.0.8; Server versi\u00f3n 1.x anterior a 1.0.7 build 108231; y ESX versi\u00f3n 2.5.4 anterior a 3.5, permite a los usuarios del sistema operativo invitado autenticado conseguir privilegios adicionales del sistema operativo invitado mediante la activaci\u00f3n de una excepci\u00f3n que hace que la CPU virtual realice un salto indirecto a una direcci\u00f3n no can\u00f3nica."
}
],
"id": "CVE-2008-4279",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-06T19:54:36.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32157"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32179"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32180"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31569"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020991"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/31569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/63607 | ||
| cve@mitre.org | http://secunia.com/advisories/39203 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39215 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39395 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023836 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/63607 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39203 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 7.0 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 3.0 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.6 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 2.0.6 | |
| vmware | fusion | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C47EB8-8844-4D49-9246-008F7AE45C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
},
{
"lang": "es",
"value": "La pila de la red virtual en VMware Workstation v7.0 anteriores a v7.0.1 build 227600, VMware Workstation v6.5.x anteriores a v6.5.4 build 246459 en Windows, VMware Player v3.0 anteriores a v3.0.1 build 227600, VMware Player v2.5.x anteriores a v2.5.4 build 246459 en Windows, VMware ACE v2.6 anteriores a v2.6.1 build 227600 y v2.5.x anteriores a v2.5.4 build 246459, VMware Server v2.x, y VMware Fusion v3.0 anteriores a v3.0.1 build 232708 y v2.x anteriores a v2.0.7 build 246742 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria en el sistema operativo anfitri\u00f3n mediante el examen de los paquetes de red recibidos, relacionado con la interacci\u00f3n entre el sistema operativo invitado y el proceso vmware-vx anfitri\u00f3n."
}
],
"id": "CVE-2010-1138",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.553",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63607"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39203"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| PSIRT-CNA@flexerasoftware.com | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| PSIRT-CNA@flexerasoftware.com | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 | ||
| PSIRT-CNA@flexerasoftware.com | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| PSIRT-CNA@flexerasoftware.com | http://osvdb.org/63614 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/36712 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/39206 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/39215 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2009-36/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/39363 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securitytracker.com/id?1023838 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/63614 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36712 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2009-36/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39363 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023838 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | movie_decoder | 6.5.3 | |
| microsoft | windows | * | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5.4 build 246459 en Windows, y el descodificador de cine en VMware Workstation v6.5.x anterior a v6.5.4 build 246459, VMware Player v2.5.x anterior a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n mediante un archivo AVI con trozos de v\u00eddeo manipulados que utilizan la codificaci\u00f3n HexTile."
}
],
"id": "CVE-2009-1564",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-12T18:30:00.350",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://osvdb.org/63614"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36712"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-36/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/39363"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-36/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3694",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25731 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25731 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4028C2-4A8A-41E3-9B58-5E48CEFC7F99",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC VMware Workstation anterior a 5.5.5 Build 56455 y 6.x anterior a 6.0.1 Build 55017, Player anterior a 1.0.5 Build 56455 y Player 2 anterior a 2.0.1 Build 55017, ACE anterior a 1.0.3 Bui9ld 54075 y ACE 2 anterior a 2.0.1 Build 55017, y Server anterior a 1.0.4 Build 56528 permite a usuarios con acceso a un sistema operativo invitado (guest) provocar una denegaci\u00f3n de servicio (cuelgue total del sistema invitado y ca\u00edda o cuelgue del proceso anfitri\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-4497",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1020790 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30936 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44795 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020790 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30936 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44795 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la funci\u00f3n OpenProcess de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 en Windows permite a usuarios locales del SO anfitri\u00f3n conseguir privilegios en el SO anfitri\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3698",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Broken Link | |
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Broken Link | |
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39110 | Not Applicable | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39110 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2579A3BF-B7C0-4052-8D6A-31E872ECD2B6",
"versionEndExcluding": "2.5.4",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66157E4-285D-4975-BED8-9A52326F2100",
"versionEndExcluding": "2.5.4",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9554F5-950A-422F-BC26-80C1BCCDD792",
"versionEndIncluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "662DDDC1-E5A9-4D11-BC2E-66E05FBEB5AB",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (tambi\u00e9n conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-3732",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39110"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33103 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33103 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.0.2 | |
| vmware | esx | 2.1.3 | |
| vmware | esx | 2.5.3 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE329FB-74A5-4D8C-B5D5-C6063CAAB479",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B87BD440-71B2-4D1C-B22A-A661D01928C0",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02269212-A8EE-4BB2-8C6E-122953AAFB83",
"versionEndExcluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2",
"versionEndExcluding": "5.5.5",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "796BEFD3-F30A-4397-BC3E-1156DE47CA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F768C-5549-4498-8C5D-13BC5046B721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01BB3005-A185-4701-945E-8E14A23A016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento inferior de entero en el servidor DHCP de EMC VMware Workstation anterior a 5.5.5 Build 56455 y 5.x anterior a 6.0.1 Build 55017, Player anterior a 1.0.5 Build 56455 y Player 2 anterior a 2.0.1 Build 55017, ACE anterior a 1.0.3 Build 54075 y ACE 2 anterior a 2.0.1 Build 55017, y Server anterior a 1.0.4 Build 56527 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete DHCP mal formado que dispara un desbordamiento de b\u00fafer basado en pila."
}
],
"id": "CVE-2007-0063",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/37172 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1023082 | ||
| cve@mitre.org | http://securitytracker.com/id?1023083 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/507523/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/507539/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36841 | Exploit | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3062 | Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37172 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023082 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507523/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507539/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36841 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3062 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 1.0.9 | |
| vmware | server | 2.0 | |
| vmware | server | 2.0 | |
| vmware | server | 2.0.1 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D09AC-7D9B-4150-86BC-19F44F6F2CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C2AAA6D-A31D-43A7-AB2F-FBF9815A9745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
},
{
"lang": "es",
"value": "VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el c\u00f3digo de excepci\u00f3n para una excepci\u00f3n de fallo de p\u00e1gina (tambi\u00e9n conocido como #PF), lo que permite a usuarios del SO anfitri\u00f3n obtener privilegios en el SO anfitri\u00f3n especificando un valor modificado para el registro cs."
}
],
"id": "CVE-2009-2267",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37172"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023082"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023083"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-01 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/39037 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1023769 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000086.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39037 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023769 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0005.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| vmware | server | 2.0.0 | |
| vmware | esx_server | 3.0.3 | |
| vmware | esx_server | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C69FB3ED-9E8B-47A7-A326-1CE03B0EB62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a \"URL forwarding vulnerability.\""
},
{
"lang": "es",
"value": "WebAccess en VMware VirtualCenter 2.0.2 y 2.5, VMware Server 2.0 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos aprovechar la funcionalidad de servidor proxy para falsificar el origen de las solicitudes a trav\u00e9s de vectores no especificados, relacionados con una \"vulnerabilidad para redirigir una URL.\""
}
],
"id": "CVE-2010-0686",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-01T19:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0005.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}