VYPR

Vendor CVEs

VMware

All CVEs

967 total · sorted by risk
  • CVE-2006-5990Nov 21, 2006
    risk 0.00cvss epss 0.01

    VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to…

  • CVE-2006-3589Jul 21, 2006
    risk 0.00cvss epss 0.00

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

  • CVE-2006-2662Jun 2, 2006
    risk 0.00cvss epss 0.00

    VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.

  • CVE-2005-3619Dec 31, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are…

  • CVE-2005-3620Dec 31, 2005
    risk 0.00cvss epss 0.00

    The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.

  • CVE-2005-4773Dec 31, 2005
    risk 0.00cvss epss 0.00

    The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.

  • CVE-2005-3618Dec 31, 2005
    risk 0.00cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as…

  • CVE-2005-4583Dec 29, 2005
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

  • CVE-2005-2939Nov 18, 2005
    risk 0.00cvss epss 0.00

    Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

  • CVE-2005-0444Feb 14, 2005
    risk 0.00cvss epss 0.00

    VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.

  • CVE-2004-2515Dec 31, 2004
    risk 0.00cvss epss 0.01

    Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical…

  • CVE-2003-1291Dec 31, 2003
    risk 0.00cvss epss 0.00

    VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.

  • CVE-2003-0739Oct 20, 2003
    risk 0.00cvss epss 0.00

    VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.

  • CVE-2003-0631Aug 27, 2003
    risk 0.00cvss epss 0.00

    VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.

  • CVE-2003-0480Aug 7, 2003
    risk 0.00cvss epss 0.00

    VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."

  • CVE-2001-1059Jul 30, 2001
    risk 0.00cvss epss 0.00

    VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

  • CVE-2000-0090Jan 17, 2000
    risk 0.00cvss epss 0.00

    VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

Page 20 of 20