Filtered by vendor Vmware
Subscribe
Total
896 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
| VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-7086 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. | |||||
| CVE-2016-5336 | 1 Vmware | 1 Vrealize Automation | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-6932 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | 5.8 MEDIUM | N/A |
| VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-3609 | 2 Openslp, Vmware | 3 Openslp, Esx, Esxi | 2025-04-11 | 5.0 MEDIUM | N/A |
| The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-6429 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-11 | 6.8 MEDIUM | N/A |
| The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | |||||
| CVE-2012-5051 | 1 Vmware | 1 Capacityiq | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-1659 | 1 Vmware | 3 Esxi, Vcenter Server, Vcenter Server Appliance | 2025-04-11 | 7.6 HIGH | N/A |
| VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream. | |||||
| CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | |||||
| CVE-2010-3081 | 3 Linux, Suse, Vmware | 4 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | |||||
| CVE-2011-0527 | 1 Vmware | 1 Tc Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. | |||||
| CVE-2013-1406 | 2 Microsoft, Vmware | 6 Windows, Esx, Esxi and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-4297 | 1 Vmware | 6 Esx, Esxi, Fusion and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | |||||
| CVE-2012-5050 | 1 Vmware | 1 Vcenter Operations | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0211 | 4 Apple, Openldap, Opensuse and 1 more | 5 Mac Os X, Mac Os X Server, Openldap and 2 more | 2025-04-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | |||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-4251 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Linux, Esx | 2025-04-11 | 7.8 HIGH | 7.5 HIGH |
| The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. | |||||
| CVE-2011-1126 | 2 Linux, Vmware | 3 Linux Kernel, Vix Api, Workstation | 2025-04-11 | 6.9 MEDIUM | N/A |
| VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. | |||||
| CVE-2009-4811 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2928 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | 2.1 LOW | N/A |
| The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | |||||