Filtered by vendor Vmware
Subscribe
Total
875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2023-12-10 | 4.0 MEDIUM | N/A |
| AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | |||||
| CVE-2014-1208 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2023-12-10 | 3.3 LOW | N/A |
| VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. | |||||
| CVE-2014-1209 | 1 Vmware | 1 Vsphere Client | 2023-12-10 | 9.3 HIGH | N/A |
| VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. | |||||
| CVE-2014-1210 | 1 Vmware | 1 Vsphere Client | 2023-12-10 | 5.8 MEDIUM | N/A |
| VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | |||||
| CVE-2014-1211 | 1 Vmware | 1 Vcloud Director | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | |||||
| CVE-2014-4241 | 2 Oracle, Vmware | 4 Fusion Middleware, Esxi, Vcenter Server and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. | |||||
| CVE-2014-8371 | 1 Vmware | 1 Vcenter Server Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | |||||
| CVE-2014-0054 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2023-12-10 | 6.8 MEDIUM | N/A |
| The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. | |||||
| CVE-2014-1207 | 1 Vmware | 2 Esx, Esxi | 2023-12-10 | 4.3 MEDIUM | N/A |
| VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. | |||||
| CVE-2013-7315 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2023-12-10 | 6.8 MEDIUM | N/A |
| The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. | |||||
| CVE-2014-3797 | 1 Vmware | 1 Vcenter Server Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4632 | 1 Vmware | 1 Vsphere Data Protection | 2023-12-10 | 4.3 MEDIUM | N/A |
| VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. | |||||
| CVE-2014-3793 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2023-12-10 | 5.8 MEDIUM | N/A |
| VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. | |||||
| CVE-2014-8373 | 1 Vmware | 1 Vcloud Automation Center | 2023-12-10 | 9.0 HIGH | N/A |
| The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function. | |||||
| CVE-2014-4200 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2023-12-10 | 4.7 MEDIUM | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. | |||||
| CVE-2013-6429 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2023-12-10 | 6.8 MEDIUM | N/A |
| The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | |||||
| CVE-2015-1044 | 1 Vmware | 3 Esxi, Player, Workstation | 2023-12-10 | 3.3 LOW | N/A |
| vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. | |||||
| CVE-2014-3790 | 1 Vmware | 1 Vcenter Server Appliance | 2023-12-10 | 9.0 HIGH | N/A |
| Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||||
| CVE-2014-9649 | 1 Vmware | 1 Rabbitmq | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | |||||
| CVE-2014-3796 | 1 Vmware | 2 Nsx, Vcloud Networking And Security | 2023-12-10 | 5.0 MEDIUM | N/A |
| VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. | |||||