Filtered by vendor Vmware
Subscriptions
Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2894 | 2 Redhat, Vmware | 3 Jboss Soa Platform, Spring Framework, Spring Security | 2025-04-11 | N/A |
| Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class. | ||||
| CVE-2012-3288 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. | ||||
| CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | N/A |
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | ||||
| CVE-2011-2217 | 2 Tomsawyer, Vmware | 3 Get Extension Factory, Infrastructure, Virtual Infrastructure Client | 2025-04-11 | N/A |
| Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document. | ||||
| CVE-2010-0211 | 5 Apple, Openldap, Opensuse and 2 more | 6 Mac Os X, Mac Os X Server, Openldap and 3 more | 2025-04-11 | 9.8 Critical |
| The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | ||||
| CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2025-04-11 | N/A |
| VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-4251 | 3 Linux, Redhat, Vmware | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | 7.5 High |
| The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. | ||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 9.9 Critical |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | ||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | ||||
| CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | N/A |
| vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | ||||
| CVE-2013-1661 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. | ||||
| CVE-2010-2798 | 8 Avaya, Canonical, Debian and 5 more | 17 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 14 more | 2025-04-11 | 7.8 High |
| The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | ||||
| CVE-2012-6325 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-1138 | 2 Microsoft, Vmware | 6 Windows, Ace, Fusion and 3 more | 2025-04-11 | N/A |
| The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. | ||||
| CVE-2012-6324 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-2249 | 9 Apple, Canonical, Debian and 6 more | 13 Iphone Os, Itunes, Safari and 10 more | 2025-04-11 | 6.5 Medium |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||||
| CVE-2010-2524 | 5 Canonical, Linux, Redhat and 2 more | 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-11 | 7.8 High |
| The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | ||||
| CVE-2012-5051 | 1 Vmware | 1 Capacityiq | 2025-04-11 | N/A |
| Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | ||||
| CVE-2012-5050 | 1 Vmware | 1 Vcenter Operations | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||