Filtered by vendor Vmware
Subscribe
Total
780 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2481 | 1 Vmware | 1 Esx | 2018-10-30 | 5.0 MEDIUM | N/A |
| VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | |||||
| CVE-2009-1147 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2018-10-30 | 7.2 HIGH | N/A |
| Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2005-4459 | 1 Vmware | 4 Ace, Gsx Server, Player and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | |||||
| CVE-2005-3618 | 1 Vmware | 1 Esx | 2018-10-30 | 7.6 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks. | |||||
| CVE-2005-3619 | 1 Vmware | 1 Esx | 2018-10-30 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | |||||
| CVE-2005-3620 | 1 Vmware | 1 Esx | 2018-10-30 | 2.1 LOW | N/A |
| The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. | |||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2018-10-30 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | |||||
| CVE-2009-1244 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916. | |||||
| CVE-2009-1146 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2018-10-30 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761. | |||||
| CVE-2007-5617 | 1 Vmware | 2 Player, Workstation | 2018-10-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images. | |||||
| CVE-2007-5618 | 1 Vmware | 3 Player, Server, Workstation | 2018-10-26 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. | |||||
| CVE-2006-3547 | 1 Vmware | 1 Player | 2018-10-18 | 2.6 LOW | N/A |
| ** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed. | |||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2018-10-18 | 4.6 MEDIUM | N/A |
| VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | |||||
| CVE-2006-6410 | 1 Vmware | 1 Workstation | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. | |||||
| CVE-2006-5990 | 1 Vmware | 1 Virtualcenter | 2018-10-17 | 4.0 MEDIUM | N/A |
| VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | |||||
| CVE-2007-1877 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. | |||||
| CVE-2007-1876 | 2 Microsoft, Vmware | 3 Windows 2003 Server, Windows Xp, Workstation | 2018-10-16 | 7.2 HIGH | N/A |
| VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | |||||
| CVE-2007-1744 | 2 Microsoft, Vmware | 2 Windows Xp, Workstation | 2018-10-16 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. | |||||
| CVE-2007-1337 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | |||||
| CVE-2007-1069 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). | |||||