Filtered by vendor Vmware
Subscriptions
Total
901 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-2732 | 1 Vmware | 1 Springsource Spring Security | 2024-11-21 | N/A |
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter. | ||||
CVE-2011-2731 | 1 Vmware | 1 Springsource Spring Security | 2024-11-21 | N/A |
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. | ||||
CVE-2011-2217 | 2 Tomsawyer, Vmware | 3 Get Extension Factory, Infrastructure, Virtual Infrastructure Client | 2024-11-21 | N/A |
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. | ||||
CVE-2011-2146 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2024-11-21 | N/A |
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. | ||||
CVE-2011-2145 | 3 Freebsd, Oracle, Vmware | 7 Freebsd, Solaris, Esx and 4 more | 2024-11-21 | N/A |
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." | ||||
CVE-2011-1789 | 1 Vmware | 3 Esx, Esxi, Vcenter | 2024-11-21 | N/A |
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | ||||
CVE-2011-1788 | 1 Vmware | 1 Vcenter | 2024-11-21 | N/A |
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | ||||
CVE-2011-1787 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2024-11-21 | N/A |
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory. | ||||
CVE-2011-1786 | 2 Likewise, Vmware | 3 Likewise Open, Esx, Esxi | 2024-11-21 | N/A |
lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence. | ||||
CVE-2011-1785 | 1 Vmware | 2 Esx, Esxi | 2024-11-21 | N/A |
VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic. | ||||
CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2024-11-21 | N/A |
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||||
CVE-2011-1126 | 2 Linux, Vmware | 3 Linux Kernel, Vix Api, Workstation | 2024-11-21 | N/A |
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. | ||||
CVE-2011-0527 | 1 Vmware | 1 Tc Server | 2024-11-21 | N/A |
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. | ||||
CVE-2011-0426 | 1 Vmware | 2 Vcenter, Virtualcenter | 2024-11-21 | N/A |
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2011-0355 | 2 Cisco, Vmware | 3 1000v Virtual Ethernet Module \(vem\), Esx, Esxi | 2024-11-21 | N/A |
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451. | ||||
CVE-2010-4655 | 4 Canonical, Linux, Redhat and 1 more | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 5.5 Medium |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | ||||
CVE-2010-4573 | 1 Vmware | 1 Esxi | 2024-11-21 | N/A |
The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | ||||
CVE-2010-4526 | 3 Linux, Redhat, Vmware | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | N/A |
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | ||||
CVE-2010-4343 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Linux, Esx | 2024-11-21 | 5.5 Medium |
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | ||||
CVE-2010-4297 | 1 Vmware | 6 Esx, Esxi, Fusion and 3 more | 2024-11-21 | N/A |
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. |