Vcenter Server
by VMware
CVEs (80)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3994 | 0.00 | — | 0.01 | Oct 20, 2020 | VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and… | |||
| CVE-2020-3976 | 0.00 | — | 0.02 | Aug 21, 2020 | VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||
| CVE-2019-5531 | 0.00 | — | 0.01 | Sep 18, 2019 | VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in… | |||
| CVE-2019-5532 | 0.00 | — | 0.02 | Sep 18, 2019 | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files… | |||
| CVE-2019-5534 | 0.00 | — | 0.02 | Sep 18, 2019 | VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious… | |||
| CVE-2015-1047 | 0.00 | — | 0.03 | Oct 12, 2015 | vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. | |||
| CVE-2015-6932 | 0.00 | — | 0.01 | Sep 18, 2015 | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2014-4241 | 0.00 | — | 0.04 | Jul 17, 2014 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. | |||
| CVE-2013-5971 | 0.00 | — | 0.02 | Oct 21, 2013 | Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | |||
| CVE-2013-3107 | 0.00 | — | 0.02 | May 1, 2013 | VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | |||
| CVE-2013-1659 | 0.00 | — | 0.02 | Feb 22, 2013 | VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code… | |||
| CVE-2012-6326 | 0.00 | — | 0.01 | Feb 22, 2013 | VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | |||
| CVE-2013-1405 | 0.00 | — | 0.03 | Feb 15, 2013 | VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the… | |||
| CVE-2011-1789 | 0.00 | — | 0.02 | May 9, 2011 | The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for… | |||
| CVE-2011-1788 | 0.00 | — | 0.00 | May 9, 2011 | vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | |||
| CVE-2011-0426 | 0.00 | — | 0.02 | May 9, 2011 | Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2010-2928 | 0.00 | — | 0.00 | Feb 16, 2011 | The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. | |||
| CVE-2009-3731 | 0.00 | — | 0.03 | Dec 16, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x… | |||
| CVE-2009-1072 | 0.00 | — | 0.00 | Mar 25, 2009 | nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. | |||
| CVE-2009-0778 | 0.00 | — | 0.05 | Mar 12, 2009 | The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable… |
- CVE-2020-3994Oct 20, 2020risk 0.00cvss —epss 0.01
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and…
- CVE-2020-3976Aug 21, 2020risk 0.00cvss —epss 0.02
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
- CVE-2019-5531Sep 18, 2019risk 0.00cvss —epss 0.01
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in…
- CVE-2019-5532Sep 18, 2019risk 0.00cvss —epss 0.02
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files…
- CVE-2019-5534Sep 18, 2019risk 0.00cvss —epss 0.02
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious…
- CVE-2015-1047Oct 12, 2015risk 0.00cvss —epss 0.03
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.
- CVE-2015-6932Sep 18, 2015risk 0.00cvss —epss 0.01
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2014-4241Jul 17, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
- CVE-2013-5971Oct 21, 2013risk 0.00cvss —epss 0.02
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
- CVE-2013-3107May 1, 2013risk 0.00cvss —epss 0.02
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.
- CVE-2013-1659Feb 22, 2013risk 0.00cvss —epss 0.02
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code…
- CVE-2012-6326Feb 22, 2013risk 0.00cvss —epss 0.01
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
- CVE-2013-1405Feb 15, 2013risk 0.00cvss —epss 0.03
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the…
- CVE-2011-1789May 9, 2011risk 0.00cvss —epss 0.02
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for…
- CVE-2011-1788May 9, 2011risk 0.00cvss —epss 0.00
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
- CVE-2011-0426May 9, 2011risk 0.00cvss —epss 0.02
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2010-2928Feb 16, 2011risk 0.00cvss —epss 0.00
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
- CVE-2009-3731Dec 16, 2009risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x…
- CVE-2009-1072Mar 25, 2009risk 0.00cvss —epss 0.00
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
- CVE-2009-0778Mar 12, 2009risk 0.00cvss —epss 0.05
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable…
Page 4 of 4