| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5978 |
22 |
|
Dir. Trav. |
2012-12-19 |
2013-03-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. |
|
2 |
CVE-2012-5703 |
20 |
|
DoS |
2012-11-20 |
2013-03-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. |
|
3 |
CVE-2012-5055 |
200 |
|
+Info |
2012-12-05 |
2012-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. |
|
4 |
CVE-2012-5051 |
22 |
|
Dir. Trav. |
2012-10-05 |
2013-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. |
|
5 |
CVE-2011-4404 |
16 |
|
Dir. Trav. |
2011-11-18 |
2011-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. |
|
6 |
CVE-2011-2731 |
362 |
|
+Priv |
2012-12-05 |
2012-12-26 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. |
|
7 |
CVE-2011-1789 |
310 |
|
|
2011-05-09 |
2011-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. |
|
8 |
CVE-2011-1786 |
399 |
|
DoS |
2011-05-03 |
2011-10-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence. |
|
9 |
CVE-2011-0527 |
287 |
|
|
2011-08-15 |
2012-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. |
|
10 |
CVE-2010-3700 |
264 |
|
Bypass |
2010-10-29 |
2010-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. |
|
11 |
CVE-2010-3609 |
|
|
DoS |
2011-03-11 |
2013-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. |
|
12 |
CVE-2010-1138 |
200 |
|
+Info |
2010-04-12 |
2013-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. |
|
13 |
CVE-2009-4811 |
134 |
|
DoS |
2010-04-27 |
2013-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information. |
|
14 |
CVE-2009-3733 |
22 |
|
Dir. Trav. |
2009-11-02 |
2013-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. |
|
15 |
CVE-2009-3707 |
134 |
|
DoS |
2009-10-16 |
2013-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. |
|
16 |
CVE-2009-2968 |
22 |
|
Dir. Trav. |
2009-09-02 |
2010-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. |
|
17 |
CVE-2009-0177 |
399 |
|
DoS |
2009-01-20 |
2011-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command. |
|
18 |
CVE-2008-3697 |
20 |
|
DoS |
2008-09-03 |
2009-01-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request. |
|
19 |
CVE-2008-3514 |
200 |
|
+Info |
2008-08-13 |
2011-03-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." |
|
20 |
CVE-2007-4497 |
264 |
|
DoS |
2007-09-21 |
2008-09-05 |
5.5 |
None |
Local Network |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. |
|
21 |
CVE-2007-4059 |
|
1
|
|
2007-07-30 |
2008-09-10 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. |
|
22 |
CVE-2007-1270 |
189 |
|
DoS Exec Code +Info |
2007-04-05 |
2009-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. |
|
23 |
CVE-2006-2481 |
|
|
+Priv XSS |
2006-07-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). |
|
24 |
CVE-2004-0112 |
|
|
DoS |
2004-11-23 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. |
|
25 |
CVE-2004-0081 |
|
|
DoS |
2004-11-23 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
|
26 |
CVE-2004-0079 |
|
|
DoS |
2004-11-23 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
