VMware ESXi vulnerabilities
174 known vulnerabilities affecting vmware/esxi.
Total CVEs: 174
CISA KEV: 9 (actively exploited)
Public exploits: 21
Exploited in wild: 7
Severity breakdown: CRITICAL 25, HIGH 67, MEDIUM 75, LOW 7
Vulnerabilities
Page 9 of 9
CVE-2009-2416 | MEDIUM | CVSS 6.5 | CWE-416 | v3.5, v4.0 | 2009-08-11
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
nvd
CVE-2009-0034 | HIGH | CVSS 7.2 | 2009-07-10
VMSA-2009-0009: ESX Service Console updates for udev, sudo, and curl
a. Service Console package udev: A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue. Please see
vmware
CVE-2009-1805 | MEDIUM | CVSS 4.0 | v3.5 | 2009-06-01
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, whe
nvd
CVE-2009-1244 | MEDIUM | CVSS 6.8 | v3.5 | 2009-04-13
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS u
nvd
CVE-2008-4914 | MEDIUM | CVSS 4.7 | v3.5 | 2009-02-03
Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
nvd
CVE-2008-4917 | HIGH | CVSS 7.2 | CWE-399 | v3.5 | 2008-12-09
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that trigg
nvd
CVE-2008-4281 | CRITICAL | CVSS 9.3 | CWE-22 | ≤ 3.5 | 2008-11-10
Directory traversal vulnerability in VMware ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
nvd
CVE-2008-4915 | MEDIUM | CVSS 6.9 | CWE-264 | v3.5 | 2008-11-10
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the
nvd
CVE-2008-0960 | MEDIUM | CVSS 6.5 | PoC | 2008-10-31
VMSA-2008-0017: Updated ESX packages for libxml2, ucd-snmp, libtiff
a. Updated ESX Service Console package libxml2: A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
vmware
CVE-2007-3514 | MEDIUM | CVSS 5.0 | 2008-08-12
VMSA-2008-0012: Updated VirtualCenter addresses User Account Disclosure Vulnerability
2. Relevant releases: VirtualCenter 2.5 previous to Update 2; VirtualCenter 2.0.2 previous to Update 5
3. VirtualCenter User Account Disclosure Vulnerability: An information disclosure vulnerability is present in VirtualCenter. Exploitation of this flaw
vmware
CVE-2008-2097 | CRITICAL | CVSS 9.0 | CWE-119 | v3.5 | 2008-06-05
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
nvd
CVE-2008-2100 | HIGH | CVSS 7.2 | CWE-119 | v3.5 | 2008-06-05
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
nvd
CVE-2008-0967 | MEDIUM | CVSS 6.9 | v3.5 | 2008-06-05
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges vi
nvd
CVE-2008-2098 | MEDIUM | CVSS 6.9 | 2008-05-30
VMSA-2008-0008: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
vmware