Vmware Vma vulnerabilities

CVE-2012-2752 [HIGH] CVE-2012-2752: Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to g Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVE-2009-3547 [HIGH] CWE-362 CVE-2009-3547: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cau Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

CVE-2009-3621 [MEDIUM] CWE-400 CVE-2009-3621: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

CVE-2009-2848 [MEDIUM] CWE-269 CVE-2009-2848: The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear th The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled duri

CVE-2009-2416 [MEDIUM] CWE-416 CVE-2009-2416: Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and l Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVE-2009-1072 [MEDIUM] CWE-16 CVE-2009-1072: nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a us nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVE-2009-0778 [HIGH] CVE-2009-0778: The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a ro The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage)