cvelistv5 - cve-2014-8370

CVE-2014-8370 (GCVE-0-2014-8370)

Vulnerability from cvelistv5 – Published: 2015-01-29 18:00 – Updated: 2024-08-06 13:18

Summary

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://jvn.jp/en/jp/JVN88252465/index.html	third-party-advisoryx_refsource_JVN
	http://www.securitytracker.com/id/1031642	vdb-entryx_refsource_SECTRACK
	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007	third-party-advisoryx_refsource_JVNDB
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/62605	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/72338	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/62551	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031643	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/62669	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:47.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#88252465",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
          },
          {
            "name": "1031642",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031642"
          },
          {
            "name": "JVNDB-2015-000007",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
          },
          {
            "name": "62605",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62605"
          },
          {
            "name": "72338",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72338"
          },
          {
            "name": "vmware-cve20148370-priv-esc(100933)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
          },
          {
            "name": "62551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62551"
          },
          {
            "name": "1031643",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031643"
          },
          {
            "name": "62669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62669"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#88252465",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
        },
        {
          "name": "1031642",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031642"
        },
        {
          "name": "JVNDB-2015-000007",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
        },
        {
          "name": "62605",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62605"
        },
        {
          "name": "72338",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72338"
        },
        {
          "name": "vmware-cve20148370-priv-esc(100933)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
        },
        {
          "name": "62551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62551"
        },
        {
          "name": "1031643",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031643"
        },
        {
          "name": "62669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62669"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#88252465",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
            },
            {
              "name": "1031642",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031642"
            },
            {
              "name": "JVNDB-2015-000007",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
            },
            {
              "name": "62605",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62605"
            },
            {
              "name": "72338",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72338"
            },
            {
              "name": "vmware-cve20148370-priv-esc(100933)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
            },
            {
              "name": "62551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62551"
            },
            {
              "name": "1031643",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031643"
            },
            {
              "name": "62669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62669"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8370",
    "datePublished": "2015-01-29T18:00:00",
    "dateReserved": "2014-10-21T00:00:00",
    "dateUpdated": "2024-08-06T13:18:47.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBDD49B-0083-4743-B4F8-6214FE8F4822\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEBFD3AF-D8A3-4599-AF42-B47C0A62AA39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82AE914B-8688-4274-9D40-C3A166F112AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"043541FC-C4F9-4E71-8373-E9022DCC62DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"200179EA-B682-435D-948C-5B70B686D1AE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4BF84FD-2666-48F4-AEA6-4F2B30AF95BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"184E7883-BBAD-4687-881A-69F0A5341ACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2CFDBFB-3776-4615-AF3B-FCBD6840A95F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA730B34-3F72-451D-9960-DF44821A001C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67198AB1-95B1-4ECC-A4CE-E2EAE688E193\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D0119B9-916C-4A98-8542-10FFC4F71C80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35CA413B-AB24-4884-A052-2A30A0CA4E7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4B2275C-913F-43D9-8146-0B0CD737E485\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01512B1C-ABCF-4705-91E8-F51FE6397343\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A74B9F8A-E336-4421-ADA8-D2640DD7E67E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2331236-2E9B-4B52-81EE-B52DEB41ACE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C5A1C2B-119E-49F3-B8E6-0610EE1C445C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7217CBE1-3882-4045-A15C-EE7D4174CA00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A405802-D786-46F9-9E29-C727F9FD480A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"469D98A5-7B8B-41BE-94C6-D6EF25388007\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.\"}, {\"lang\": \"es\", \"value\": \"VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitri\\u00f3n ganar privilegios del sistema operativo anfitri\\u00f3n o causar una denegaci\\u00f3n de servicio (escritura arbitraria a un fichero) mediante la modificaci\\u00f3n de un fichero de configuraci\\u00f3n.\"}]",
      "id": "CVE-2014-8370",
      "lastModified": "2024-11-21T02:18:58.043",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-29T18:59:00.047",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN88252465/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/62551\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/62605\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/62669\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/72338\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1031642\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1031643\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2015-0001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100933\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://jvn.jp/en/jp/JVN88252465/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/62551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/62605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/62669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/72338\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1031642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1031643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2015-0001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8370\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-29T18:59:00.047\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.\"},{\"lang\":\"es\",\"value\":\"VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitri\u00f3n ganar privilegios del sistema operativo anfitri\u00f3n o causar una denegaci\u00f3n de servicio (escritura arbitraria a un fichero) mediante la modificaci\u00f3n de un fichero de configuraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBDD49B-0083-4743-B4F8-6214FE8F4822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEBFD3AF-D8A3-4599-AF42-B47C0A62AA39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82AE914B-8688-4274-9D40-C3A166F112AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"043541FC-C4F9-4E71-8373-E9022DCC62DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200179EA-B682-435D-948C-5B70B686D1AE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4BF84FD-2666-48F4-AEA6-4F2B30AF95BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184E7883-BBAD-4687-881A-69F0A5341ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CFDBFB-3776-4615-AF3B-FCBD6840A95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA730B34-3F72-451D-9960-DF44821A001C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67198AB1-95B1-4ECC-A4CE-E2EAE688E193\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D0119B9-916C-4A98-8542-10FFC4F71C80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35CA413B-AB24-4884-A052-2A30A0CA4E7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4B2275C-913F-43D9-8146-0B0CD737E485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01512B1C-ABCF-4705-91E8-F51FE6397343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74B9F8A-E336-4421-ADA8-D2640DD7E67E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2331236-2E9B-4B52-81EE-B52DEB41ACE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C5A1C2B-119E-49F3-B8E6-0610EE1C445C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7217CBE1-3882-4045-A15C-EE7D4174CA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A405802-D786-46F9-9E29-C727F9FD480A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469D98A5-7B8B-41BE-94C6-D6EF25388007\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN88252465/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/62551\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/62605\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/62669\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/72338\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1031642\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1031643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2015-0001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100933\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/en/jp/JVN88252465/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/62551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/72338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1031642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1031643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2015-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-044

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans VMware. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	Fusion	versions antérieures à VMware Fusion 6.0.5
VMware	Fusion	versions antérieures à VMware Fusion 7.0.1
VMware	ESXi	ESXi 5.5
VMware	N/A	versions antérieures à VMware Player 6.0.5
VMware	ESXi	ESXi 5.0
VMware	vCenter Server	versions antérieures à vCenter Server 5.5 Update 2d
VMware	ESXi	ESXi 5.1
VMware	N/A	Versions antérieures à VMware Workstation 10.0.5

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 27 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Fusion 6.0.5",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Fusion 7.0.1",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.5",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Player 6.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 vCenter Server 5.5 Update 2d",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 VMware Workstation 10.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2014-3513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3513"
    },
    {
      "name": "CVE-2014-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
    },
    {
      "name": "CVE-2015-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1044"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2014-8370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8370"
    },
    {
      "name": "CVE-2015-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1043"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-044",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 27 janvier 2015",
      "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
    }
  ]
}

CERTFR-2015-AVI-044

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans VMware. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	Fusion	versions antérieures à VMware Fusion 6.0.5
VMware	Fusion	versions antérieures à VMware Fusion 7.0.1
VMware	ESXi	ESXi 5.5
VMware	N/A	versions antérieures à VMware Player 6.0.5
VMware	ESXi	ESXi 5.0
VMware	vCenter Server	versions antérieures à vCenter Server 5.5 Update 2d
VMware	ESXi	ESXi 5.1
VMware	N/A	Versions antérieures à VMware Workstation 10.0.5

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 27 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Fusion 6.0.5",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Fusion 7.0.1",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.5",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 VMware Player 6.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.0",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 vCenter Server 5.5 Update 2d",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 5.1",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 VMware Workstation 10.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2014-3513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3513"
    },
    {
      "name": "CVE-2014-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
    },
    {
      "name": "CVE-2015-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1044"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2014-8370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8370"
    },
    {
      "name": "CVE-2015-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1043"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-044",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 27 janvier 2015",
      "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
    }
  ]
}

GSD-2014-8370

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8370

Aliases

CVE-2014-8370

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8370",
    "description": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.",
    "id": "GSD-2014-8370"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8370"
      ],
      "details": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.",
      "id": "GSD-2014-8370",
      "modified": "2023-12-13T01:22:49.595485Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-8370",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#88252465",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
          },
          {
            "name": "1031642",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031642"
          },
          {
            "name": "JVNDB-2015-000007",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
          },
          {
            "name": "62605",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62605"
          },
          {
            "name": "72338",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72338"
          },
          {
            "name": "vmware-cve20148370-priv-esc(100933)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
          },
          {
            "name": "62551",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62551"
          },
          {
            "name": "1031643",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031643"
          },
          {
            "name": "62669",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62669"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8370"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2015-000007",
              "refsource": "JVNDB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
            },
            {
              "name": "JVN#88252465",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
            },
            {
              "name": "62605",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62605"
            },
            {
              "name": "62551",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62551"
            },
            {
              "name": "72338",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/72338"
            },
            {
              "name": "1031643",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031643"
            },
            {
              "name": "1031642",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031642"
            },
            {
              "name": "62669",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62669"
            },
            {
              "name": "vmware-cve20148370-priv-esc(100933)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-29T18:59Z"
    }
  }
}

JVNDB-2015-000007

Vulnerability from jvndb - Published: 2015-01-29 13:52 - Updated:2015-02-16 15:34

Severity ?

() - -

Summary

Arbitrary files may be overwritten in multiple VMware products

Details

Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN88252465/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8370
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	VMware	VMware Fusion
	VMware	VMware Player
	VMware	VMware Workstation
	VMware	VMware ESXi

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
  "dc:date": "2015-02-16T15:34+09:00",
  "dcterms:issued": "2015-01-29T13:52+09:00",
  "dcterms:modified": "2015-02-16T15:34+09:00",
  "description": "Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:vmware:fusion",
      "@product": "VMware Fusion",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:player",
      "@product": "VMware Player",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:workstation",
      "@product": "VMware Workstation",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:vmware:esxi",
      "@product": "VMware ESXi",
      "@vendor": "VMware",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000007",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN88252465/index.html",
      "@id": "JVN#88252465",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370",
      "@id": "CVE-2014-8370",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8370",
      "@id": "CVE-2014-8370",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Arbitrary files may be overwritten in multiple VMware products"
}

CNVD-2015-00814

Vulnerability from cnvd - Published: 2015-01-30

Title

多个VMware产品存在远程权限提升漏洞

Description

VMWare是一个“虚拟PC”软件，可以在一台机器上同时运行二个或更多Windows、DOS、LINUX系统。多个VMware产品存在远程权限提升漏洞，允许远程攻击者利用此漏洞获取提升主机操作系统的权限。

Severity

高

Patch Name

多个VMware产品存在远程权限提升漏洞的补丁

Patch Description

VMWare是一个“虚拟PC”软件，可以在一台机器上同时运行二个或更多Windows、DOS、LINUX系统。多个VMware产品存在远程权限提升漏洞，允许远程攻击者利用此漏洞获取提升主机操作系统的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://www.vmware.com/

Reference

http://www.securityfocus.com/bid/72338

Impacted products

Name
['VMWare ESXi 5.0', 'VMWare ESXi 5.5', 'VMWare ESXi 5.1', 'VMWare Player 6.0 through 6.0.4', 'VMWare Fusion 6.0 through 6.0.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72338"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8370"
    }
  },
  "description": "VMWare\u662f\u4e00\u4e2a\u201c\u865a\u62dfPC\u201d\u8f6f\u4ef6\uff0c\u53ef\u4ee5\u5728\u4e00\u53f0\u673a\u5668\u4e0a\u540c\u65f6\u8fd0\u884c\u4e8c\u4e2a\u6216\u66f4\u591aWindows\u3001DOS\u3001LINUX\u7cfb\u7edf\u3002 \r\n\r\n\u591a\u4e2aVMware\u4ea7\u54c1\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u6743\u9650\u3002",
  "discovererName": "Shanon Olsson",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.vmware.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00814",
  "openTime": "2015-01-30",
  "patchDescription": "VMWare\u662f\u4e00\u4e2a\u201c\u865a\u62dfPC\u201d\u8f6f\u4ef6\uff0c\u53ef\u4ee5\u5728\u4e00\u53f0\u673a\u5668\u4e0a\u540c\u65f6\u8fd0\u884c\u4e8c\u4e2a\u6216\u66f4\u591aWindows\u3001DOS\u3001LINUX\u7cfb\u7edf\u3002 \r\n\r\n\u591a\u4e2aVMware\u4ea7\u54c1\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aVMware\u4ea7\u54c1\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare ESXi 5.0",
      "VMWare ESXi 5.5",
      "VMWare ESXi  5.1",
      "VMWare Player 6.0 through 6.0.4",
      "VMWare Fusion 6.0 through 6.0.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/72338",
  "serverity": "\u9ad8",
  "submitTime": "2015-01-29",
  "title": "\u591a\u4e2aVMware\u4ea7\u54c1\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

FKIE_CVE-2014-8370

Vulnerability from fkie_nvd - Published: 2015-01-29 18:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN88252465/index.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007	Third Party Advisory, VDB Entry
cve@mitre.org	http://secunia.com/advisories/62551
cve@mitre.org	http://secunia.com/advisories/62605
cve@mitre.org	http://secunia.com/advisories/62669
cve@mitre.org	http://www.securityfocus.com/bid/72338	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1031642	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1031643	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2015-0001.html	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/100933
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN88252465/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62551
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62605
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62669
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72338	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031642	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031643	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2015-0001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100933

Impacted products

Vendor	Product	Version
vmware	player	6.0
vmware	player	6.0.1
vmware	player	6.0.2
vmware	player	6.0.3
vmware	player	6.0.4
vmware	fusion	6.0
vmware	fusion	6.0.1
vmware	fusion	6.0.2
vmware	fusion	6.0.3
vmware	fusion	6.0.4
vmware	workstation	10.0
vmware	workstation	10.0.1
vmware	workstation	10.0.2
vmware	workstation	10.0.3
vmware	workstation	10.0.4
vmware	esxi	5.0
vmware	esxi	5.0
vmware	esxi	5.0
vmware	esxi	5.1
vmware	esxi	5.1
vmware	esxi	5.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBDD49B-0083-4743-B4F8-6214FE8F4822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEBFD3AF-D8A3-4599-AF42-B47C0A62AA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AE914B-8688-4274-9D40-C3A166F112AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "043541FC-C4F9-4E71-8373-E9022DCC62DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "200179EA-B682-435D-948C-5B70B686D1AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4BF84FD-2666-48F4-AEA6-4F2B30AF95BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "184E7883-BBAD-4687-881A-69F0A5341ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CFDBFB-3776-4615-AF3B-FCBD6840A95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA730B34-3F72-451D-9960-DF44821A001C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67198AB1-95B1-4ECC-A4CE-E2EAE688E193",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D0119B9-916C-4A98-8542-10FFC4F71C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35CA413B-AB24-4884-A052-2A30A0CA4E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B2275C-913F-43D9-8146-0B0CD737E485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01512B1C-ABCF-4705-91E8-F51FE6397343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74B9F8A-E336-4421-ADA8-D2640DD7E67E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*",
              "matchCriteriaId": "7C5A1C2B-119E-49F3-B8E6-0610EE1C445C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*",
              "matchCriteriaId": "AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7217CBE1-3882-4045-A15C-EE7D4174CA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*",
              "matchCriteriaId": "9A405802-D786-46F9-9E29-C727F9FD480A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "469D98A5-7B8B-41BE-94C6-D6EF25388007",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file."
    },
    {
      "lang": "es",
      "value": "VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, VMware Fusion 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permiten a usuarios del sistema operativo anfitri\u00f3n ganar privilegios del sistema operativo anfitri\u00f3n o causar una denegaci\u00f3n de servicio (escritura arbitraria a un fichero) mediante la modificaci\u00f3n de un fichero de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2014-8370",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-29T18:59:00.047",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62551"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62605"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62669"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72338"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031643"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3G8Q-4222-255F

Vulnerability from github – Published: 2022-05-17 01:13 – Updated: 2022-05-17 01:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8370"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-29T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.",
  "id": "GHSA-3g8q-4222-255f",
  "modified": "2022-05-17T01:13:36Z",
  "published": "2022-05-17T01:13:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8370"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100933"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN88252465/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62551"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62605"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62669"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72338"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031642"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031643"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2015-0001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8370 (GCVE-0-2014-8370)

CERTFR-2015-AVI-044

Solution

CERTFR-2015-AVI-044

Solution

GSD-2014-8370

JVNDB-2015-000007

CNVD-2015-00814

FKIE_CVE-2014-8370

GHSA-3G8Q-4222-255F

Tags

Sightings

Nomenclature