Filtered by vendor Vmware
Subscriptions
Filtered by product Vcenter Server
Subscriptions
Total
73 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2024-09-17 | N/A |
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | ||||
CVE-2013-1405 | 1 Vmware | 6 Esx, Esxi, Vcenter Server and 3 more | 2024-09-17 | N/A |
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
CVE-2017-4927 | 1 Vmware | 1 Vcenter Server | 2024-09-17 | N/A |
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | ||||
CVE-2013-1659 | 1 Vmware | 3 Esxi, Vcenter Server, Vcenter Server Appliance | 2024-09-17 | N/A |
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream. | ||||
CVE-2012-6326 | 1 Vmware | 2 Vcenter Server, Vcenter Server Appliance | 2024-09-16 | N/A |
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | ||||
CVE-2017-4943 | 1 Vmware | 1 Vcenter Server | 2024-09-16 | N/A |
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. | ||||
CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2024-09-16 | N/A |
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | ||||
CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2024-09-16 | N/A |
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | ||||
CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-09-11 | 4.3 Medium |
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | ||||
CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-30 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-37079 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-30 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2023-34048 | 1 Vmware | 1 Vcenter Server | 2024-08-19 | 9.8 Critical |
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | ||||
CVE-2022-22948 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-14 | 6.5 Medium |
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | ||||
CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2024-08-07 | 7.8 High |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||||
CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2024-08-07 | 6.5 Medium |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
CVE-2009-1072 | 8 Canonical, Debian, Linux and 5 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2024-08-07 | N/A |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. | ||||
CVE-2010-2928 | 1 Vmware | 1 Vcenter Server | 2024-08-07 | N/A |
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | ||||
CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2024-08-06 | N/A |
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | ||||
CVE-2014-4241 | 2 Oracle, Vmware | 4 Fusion Middleware, Esxi, Vcenter Server and 1 more | 2024-08-06 | N/A |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. | ||||
CVE-2015-6931 | 1 Vmware | 1 Vcenter Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |