Filtered by vendor Vmware
Subscribe
Total
924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1785 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 7.8 HIGH | N/A |
| VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic. | |||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 9.0 HIGH | 9.9 CRITICAL |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | |||||
| CVE-2014-1208 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 3.3 LOW | N/A |
| VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. | |||||
| CVE-2011-2146 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 2.1 LOW | N/A |
| mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. | |||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2010-1193 | 1 Vmware | 1 Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages. | |||||
| CVE-2010-4655 | 3 Canonical, Linux, Vmware | 3 Ubuntu Linux, Linux Kernel, Esx | 2025-04-11 | 2.1 LOW | 5.5 MEDIUM |
| net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | |||||
| CVE-2012-1510 | 1 Vmware | 3 Esx, Esxi, View | 2025-04-11 | 7.2 HIGH | N/A |
| Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2011-2145 | 3 Freebsd, Oracle, Vmware | 7 Freebsd, Solaris, Esx and 4 more | 2025-04-11 | 6.3 MEDIUM | N/A |
| mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." | |||||
| CVE-2012-3569 | 2 Microsoft, Vmware | 4 Windows, Ovf Tool, Player and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. | |||||
| CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | |||||
| CVE-2012-1512 | 1 Vmware | 1 Vsphere | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. | |||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | |||||
| CVE-2012-1472 | 1 Vmware | 1 Vcenter Chargeback Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
| VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. | |||||
| CVE-2011-3868 | 1 Vmware | 4 Ams, Fusion, Player and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. | |||||
| CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 4.0 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-0527 | 1 Vmware | 1 Tc Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. | |||||
| CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | 6.9 MEDIUM | N/A |
| vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
| CVE-2013-7315 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. | |||||
| CVE-2009-4811 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. | |||||