Filtered by vendor Vmware
Total: 902 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3619 | 1 Vmware | 1 Esx | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | ||||
CVE-2005-3618 | 1 Vmware | 1 Esx | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks. | ||||
CVE-2005-2939 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | ||||
CVE-2005-0444 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | ||||
CVE-2004-2515 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | ||||
CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-11-21 | N/A |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2024-11-21 | N/A |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2024-11-21 | 7.5 High |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||||
CVE-2003-1291 | 1 Vmware | 1 Esx | 2024-11-21 | N/A |
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables. | ||||
CVE-2003-0739 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. | ||||
CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2024-11-21 | N/A |
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. | ||||
CVE-2003-0480 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." | ||||
CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2024-11-21 | N/A |
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | ||||
CVE-2001-1059 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | ||||
CVE-2000-0090 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. | ||||
CVE-1999-0733 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. | ||||
CVE-2024-38828 | 1 Vmware | 1 Spring | 2024-11-18 | 5.3 Medium |
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | ||||
CVE-2024-38814 | 1 Vmware | 1 Vmware Hcx | 2024-10-21 | 8.8 High |
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. | ||||
CVE-2024-38817 | 1 Vmware | 3 Cloud Foundation, Nsx, Nsx-t | 2024-10-10 | 6.7 Medium |
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. | ||||
CVE-2024-38818 | 1 Vmware | 3 Cloud Foundation, Nsx, Nsx-t | 2024-10-10 | 6.7 Medium |
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. |