Filtered by vendor Vmware
Subscribe
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6326 | 1 Vmware | 2 Vcenter Server, Vcenter Server Appliance | 2024-02-28 | 7.8 HIGH | N/A |
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | |||||
CVE-2012-4897 | 1 Vmware | 1 Movie Decoder | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. | |||||
CVE-2013-6366 | 1 Vmware | 1 Hyperic Hq | 2024-02-28 | 6.5 MEDIUM | N/A |
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | |||||
CVE-2012-1517 | 1 Vmware | 2 Esx, Esxi | 2024-02-28 | 9.0 HIGH | N/A |
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers. | |||||
CVE-2009-2899 | 1 Vmware | 1 Hyperic Hq | 2024-02-28 | 2.1 LOW | N/A |
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. | |||||
CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2024-02-28 | 7.5 HIGH | N/A |
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-5050 | 1 Vmware | 1 Vcenter Operations | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-1406 | 2 Microsoft, Vmware | 6 Windows, Esx, Esxi and 3 more | 2024-02-28 | 7.2 HIGH | N/A |
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2024-02-28 | 6.9 MEDIUM | N/A |
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | |||||
CVE-2012-5703 | 1 Vmware | 2 Esx, Esxi | 2024-02-28 | 5.0 MEDIUM | N/A |
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. | |||||
CVE-2012-5459 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-02-28 | 7.9 HIGH | N/A |
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." | |||||
CVE-2011-2731 | 1 Vmware | 1 Springsource Spring Security | 2024-02-28 | 5.1 MEDIUM | N/A |
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. | |||||
CVE-2013-3519 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2024-02-28 | 7.9 HIGH | N/A |
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | |||||
CVE-2012-1666 | 1 Vmware | 5 Esx, Fusion, Player and 2 more | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. | |||||
CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2024-02-28 | 7.2 HIGH | N/A |
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
CVE-2012-6324 | 1 Vmware | 1 Vcenter Server Appliance | 2024-02-28 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2024-02-28 | 9.4 HIGH | N/A |
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | |||||
CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2024-02-28 | 8.3 HIGH | N/A |
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
CVE-2012-5051 | 1 Vmware | 1 Capacityiq | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. |