Filtered by vendor Vmware
Subscriptions
Total
956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1508 | 1 Vmware | 3 Esx, Esxi, View | 2025-04-11 | N/A |
| The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||||
| CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | ||||
| CVE-2009-2277 | 1 Vmware | 2 Esx Server, Virtualcenter | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." | ||||
| CVE-2011-0527 | 1 Vmware | 1 Tc Server | 2025-04-11 | N/A |
| VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. | ||||
| CVE-2010-1141 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2025-04-11 | N/A |
| VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. | ||||
| CVE-2011-3868 | 1 Vmware | 4 Ams, Fusion, Player and 1 more | 2025-04-11 | N/A |
| Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. | ||||
| CVE-2011-0355 | 2 Cisco, Vmware | 3 1000v Virtual Ethernet Module \(vem\), Esx, Esxi | 2025-04-11 | N/A |
| Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. | ||||
| CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2025-04-11 | N/A |
| VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-3081 | 4 Linux, Redhat, Suse and 1 more | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2025-04-11 | 7.8 High |
| The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | ||||
| CVE-2010-4655 | 4 Canonical, Linux, Redhat and 1 more | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-11 | 5.5 Medium |
| net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | ||||
| CVE-2011-2894 | 2 Redhat, Vmware | 3 Jboss Soa Platform, Spring Framework, Spring Security | 2025-04-11 | N/A |
| Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class. | ||||
| CVE-2009-1565 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2025-04-11 | N/A |
| vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors." | ||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2025-04-11 | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-3078 | 6 Canonical, Linux, Opensuse and 3 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 5.5 Medium |
| The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | ||||
| CVE-2010-4573 | 1 Vmware | 1 Esxi | 2025-04-11 | N/A |
| The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | ||||
| CVE-2010-2942 | 7 Avaya, Canonical, Linux and 4 more | 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more | 2025-04-11 | 5.5 Medium |
| The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | ||||
| CVE-2010-2928 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | N/A |
| The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | ||||
| CVE-2010-1140 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | N/A |
| The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. | ||||
| CVE-2013-1406 | 2 Microsoft, Vmware | 6 Windows, Esx, Esxi and 3 more | 2025-04-11 | N/A |
| The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-1138 | 2 Microsoft, Vmware | 6 Windows, Ace, Fusion and 3 more | 2025-04-11 | N/A |
| The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. | ||||