Vendor CVEs
VMware
All CVEs
967 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-5990 | | | 0.00 | — | 0.01 | | Nov 21, 2006 | VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to… |
| CVE-2006-3589 | | | 0.00 | — | 0.00 | | Jul 21, 2006 | vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. |
| CVE-2006-2662 | | | 0.00 | — | 0.00 | | Jun 2, 2006 | VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. |
| CVE-2005-3619 | | | 0.00 | — | 0.01 | | Dec 31, 2005 | Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are… |
| CVE-2005-3620 | | | 0.00 | — | 0.00 | | Dec 31, 2005 | The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. |
| CVE-2005-4773 | | | 0.00 | — | 0.00 | | Dec 31, 2005 | The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console. |
| CVE-2005-3618 | | | 0.00 | — | 0.03 | | Dec 31, 2005 | Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as… |
| CVE-2005-4583 | | | 0.00 | — | 0.04 | | Dec 29, 2005 | Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). |
| CVE-2005-2939 | | | 0.00 | — | 0.00 | | Nov 18, 2005 | Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. |
| CVE-2005-0444 | | | 0.00 | — | 0.00 | | Feb 14, 2005 | VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. |
| CVE-2004-2515 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical… |
| CVE-2003-1291 | | | 0.00 | — | 0.00 | | Dec 31, 2003 | VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables. |
| CVE-2003-0739 | | | 0.00 | — | 0.00 | | Oct 20, 2003 | VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. |
| CVE-2003-0631 | | | 0.00 | — | 0.00 | | Aug 27, 2003 | VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. |
| CVE-2003-0480 | | | 0.00 | — | 0.00 | | Aug 7, 2003 | VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." |
| CVE-2001-1059 | | | 0.00 | — | 0.00 | | Jul 30, 2001 | VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. |
| CVE-2000-0090 | | | 0.00 | — | 0.00 | | Jan 17, 2000 | VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |