Filtered by vendor Vmware
Subscribe
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5025 | 1 Vmware | 1 Ace | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." | |||||
CVE-2007-1271 | 1 Vmware | 1 Esx | 2024-02-28 | 6.6 MEDIUM | N/A |
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2007-2491 | 1 Vmware | 2 Server, Workstation | 2024-02-28 | 7.2 HIGH | N/A |
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | |||||
CVE-2007-0833 | 1 Vmware | 1 Workstation | 2024-02-28 | 1.2 LOW | N/A |
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | |||||
CVE-2007-0061 | 2 Canonical, Vmware | 6 Ubuntu Linux, Ace, Esx and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." | |||||
CVE-2007-4593 | 1 Vmware | 1 Workstation | 2024-02-28 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1337 | 1 Vmware | 1 Workstation | 2024-02-28 | 7.8 HIGH | N/A |
The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | |||||
CVE-2007-1744 | 2 Microsoft, Vmware | 2 Windows Xp, Workstation | 2024-02-28 | 6.3 MEDIUM | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. | |||||
CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2024-02-28 | 6.9 MEDIUM | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | |||||
CVE-2005-4583 | 1 Vmware | 1 Esx | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | |||||
CVE-2005-4773 | 1 Vmware | 1 Esx | 2024-02-28 | 4.9 MEDIUM | N/A |
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console. | |||||
CVE-2006-3589 | 1 Vmware | 5 Esx, Infrastructure, Player and 2 more | 2024-02-28 | 3.6 LOW | N/A |
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | |||||
CVE-2004-2515 | 1 Vmware | 1 Workstation | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | |||||
CVE-2006-2481 | 1 Vmware | 1 Esx | 2024-02-28 | 5.0 MEDIUM | N/A |
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | |||||
CVE-2005-0444 | 1 Vmware | 1 Workstation | 2024-02-28 | 4.6 MEDIUM | N/A |
VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | |||||
CVE-2005-3619 | 1 Vmware | 1 Esx | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | |||||
CVE-2005-3618 | 1 Vmware | 1 Esx | 2024-02-28 | 7.6 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks. | |||||
CVE-2005-3620 | 1 Vmware | 1 Esx | 2024-02-28 | 2.1 LOW | N/A |
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. | |||||
CVE-2006-2662 | 1 Vmware | 1 Server | 2024-02-28 | 4.6 MEDIUM | N/A |
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | |||||
CVE-2005-2939 | 1 Vmware | 1 Workstation | 2024-02-28 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. |