Vulnerabilities > Vmware > ESX > 3.0.0

DATE CVE VULNERABILITY TITLE RISK
2008-10-06 CVE-2008-4279 Permissions, Privileges, and Access Controls vulnerability in VMWare products
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
local
low complexity
vmware CWE-264
6.8
2008-06-05 CVE-2008-2100 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
local
low complexity
vmware CWE-119
7.2
2008-06-05 CVE-2008-0967 Local Privilege Escalation vulnerability in VMware vmware-authd Daemon
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
local
vmware
6.9
2008-06-05 CVE-2007-5671 Improper Input Validation vulnerability in VMWare products
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
local
vmware CWE-20
4.4
2007-09-21 CVE-2007-0063 Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
network
low complexity
vmware canonical CWE-191
critical
10.0
2007-09-21 CVE-2007-0061 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
network
low complexity
vmware canonical CWE-119
critical
10.0
2007-04-06 CVE-2007-1271 Buffer Overflow vulnerability in VMWare ESX 3.0.0/3.0.1
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
local
vmware
6.6
2007-04-06 CVE-2007-1270 Numeric Errors vulnerability in VMWare ESX and ESX Server
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
network
low complexity
vmware CWE-189
5.0