|
|
Vmware : Security Vulnerabilities (CVSS score between 2 and 2.99)
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-2146 |
200 |
|
+Info |
2011-06-06 |
2011-11-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 though 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. |
|
2 |
CVE-2011-1788 |
200 |
|
+Info |
2011-05-09 |
2011-05-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. |
|
3 |
CVE-2010-3277 |
264 |
|
|
2010-09-28 |
2010-09-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. |
|
4 |
CVE-2010-2928 |
255 |
|
+Priv |
2011-02-15 |
2011-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. |
|
5 |
CVE-2009-2899 |
200 |
|
+Info |
2012-12-05 |
2012-12-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. |
|
6 |
CVE-2009-0518 |
200 |
|
+Info |
2009-04-06 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. |
|
7 |
CVE-2008-4278 |
200 |
|
+Info |
2008-10-06 |
2008-10-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. |
|
8 |
CVE-2008-2101 |
200 |
|
+Info |
2008-09-03 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. |
|
9 |
CVE-2006-3547 |
|
|
DoS |
2006-07-12 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed. |
|
10 |
CVE-2005-3620 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. |
Total number of vulnerabilities : 10
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
