- Home
- CVEs with nessus.description==The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities :
- An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution.
(CVE-2009-5029)
- An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064)
- An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830)
- An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089)
- An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202)
- An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)
- An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970)
- An error exists in the glibc library in the svc_run() function that allows a denial of service.
(CVE-2011-4609)
- An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864)
- Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)
- Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871)
- A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution.
(CVE-2012-2870)
- Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)
- Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480)
- A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)
- An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top