Esx Server
by VMware
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2481 | 0.04 | — | 0.07 | Jul 31, 2006 | VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site… | |||
| CVE-2007-5360 | 0.01 | — | 0.15 | Jan 8, 2008 | Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a… | |||
| CVE-2010-1137 | 0.00 | — | 0.02 | Apr 1, 2010 | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. | |||
| CVE-2010-0686 | 0.00 | — | 0.02 | Apr 1, 2010 | WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." | |||
| CVE-2009-2277 | 0.00 | — | 0.02 | Apr 1, 2010 | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." | |||
| CVE-2009-3731 | 0.00 | — | 0.03 | Dec 16, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x… | |||
| CVE-2008-0967 | 0.00 | — | 0.00 | Jun 5, 2008 | Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware… | |||
| CVE-2007-5671 | 0.00 | — | 0.00 | Jun 5, 2008 | HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments… | |||
| CVE-2008-2100 | 0.00 | — | 0.01 | Jun 5, 2008 | Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary… | |||
| CVE-2007-1271 | 0.00 | — | 0.00 | Apr 6, 2007 | Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2007-1270 | 0.00 | — | 0.03 | Apr 6, 2007 | Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2006-3589 | 0.00 | — | 0.00 | Jul 21, 2006 | vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | |||
| CVE-2005-3620 | 0.00 | — | 0.00 | Dec 31, 2005 | The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. | |||
| CVE-2005-4773 | 0.00 | — | 0.00 | Dec 31, 2005 | The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console. | |||
| CVE-2005-3618 | 0.00 | — | 0.03 | Dec 31, 2005 | Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as… | |||
| CVE-2005-4583 | 0.00 | — | 0.04 | Dec 29, 2005 | Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | |||
| CVE-2003-1291 | 0.00 | — | 0.00 | Dec 31, 2003 | VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables. |
- CVE-2006-2481Jul 31, 2006risk 0.04cvss —epss 0.07
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site…
- CVE-2007-5360Jan 8, 2008risk 0.01cvss —epss 0.15
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a…
- CVE-2010-1137Apr 1, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
- CVE-2010-0686Apr 1, 2010risk 0.00cvss —epss 0.02
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
- CVE-2009-2277Apr 1, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
- CVE-2009-3731Dec 16, 2009risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x…
- CVE-2008-0967Jun 5, 2008risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware…
- CVE-2007-5671Jun 5, 2008risk 0.00cvss —epss 0.00
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments…
- CVE-2008-2100Jun 5, 2008risk 0.00cvss —epss 0.01
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary…
- CVE-2007-1271Apr 6, 2007risk 0.00cvss —epss 0.00
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
- CVE-2007-1270Apr 6, 2007risk 0.00cvss —epss 0.03
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
- CVE-2006-3589Jul 21, 2006risk 0.00cvss —epss 0.00
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
- CVE-2005-3620Dec 31, 2005risk 0.00cvss —epss 0.00
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
- CVE-2005-4773Dec 31, 2005risk 0.00cvss —epss 0.00
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.
- CVE-2005-3618Dec 31, 2005risk 0.00cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as…
- CVE-2005-4583Dec 29, 2005risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
- CVE-2003-1291Dec 31, 2003risk 0.00cvss —epss 0.00
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.