Filtered by vendor Vmware
Subscriptions
Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | ||||
| CVE-2012-3289 | 1 Vmware | 4 Esx, Esxi, Player and 1 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. | ||||
| CVE-2012-2752 | 1 Vmware | 1 Vma | 2025-04-11 | N/A |
| Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | ||||
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2025-04-11 | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||||
| CVE-2011-1789 | 1 Vmware | 3 Esx, Esxi, Vcenter | 2025-04-11 | N/A |
| The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | ||||
| CVE-2011-2145 | 3 Freebsd, Oracle, Vmware | 7 Freebsd, Solaris, Esx and 4 more | 2025-04-11 | N/A |
| mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." | ||||
| CVE-2012-2450 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | ||||
| CVE-2012-2449 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | ||||
| CVE-2010-1205 | 11 Apple, Canonical, Debian and 8 more | 18 Iphone Os, Itunes, Mac Os X and 15 more | 2025-04-11 | 9.8 Critical |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||||
| CVE-2012-2448 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic. | ||||
| CVE-2011-4404 | 1 Vmware | 1 Vcenter Update Manager | 2025-04-11 | N/A |
| The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. | ||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | ||||
| CVE-2010-4263 | 3 Linux, Redhat, Vmware | 4 Linux Kernel, Enterprise Linux, Esx and 1 more | 2025-04-11 | N/A |
| The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. | ||||
| CVE-2012-1517 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers. | ||||
| CVE-2010-4294 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2025-04-11 | N/A |
| The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | ||||
| CVE-2010-4343 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Linux, Esx | 2025-04-11 | 5.5 Medium |
| drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | ||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 9.9 Critical |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | ||||
| CVE-2012-1514 | 1 Vmware | 1 Vshield Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2010-4573 | 1 Vmware | 1 Esxi | 2025-04-11 | N/A |
| The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | ||||
| CVE-2012-1513 | 1 Vmware | 1 Vcenter Orchestrator | 2025-04-11 | N/A |
| The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. | ||||