VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
Max CVSS
3.6
EPSS Score
0.04%
Published
2000-01-17
Updated
2008-09-10
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
Max CVSS
3.6
EPSS Score
0.04%
Published
2001-07-30
Updated
2017-10-10
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
Max CVSS
3.7
EPSS Score
0.04%
Published
2003-08-07
Updated
2016-10-18
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-10-20
Updated
2016-10-18
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Max CVSS
5.0
EPSS Score
0.26%
Published
2004-11-23
Updated
2021-11-08
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Max CVSS
5.0
EPSS Score
0.25%
Published
2004-11-23
Updated
2024-02-15
VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-02-14
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
Max CVSS
6.8
EPSS Score
1.13%
Published
2005-12-31
Updated
2018-10-30
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-12-31
Updated
2018-10-30
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
Max CVSS
4.3
EPSS Score
1.90%
Published
2005-12-29
Updated
2018-10-30
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.
Max CVSS
4.9
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-30
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Max CVSS
5.0
EPSS Score
1.33%
Published
2006-07-31
Updated
2018-10-30
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
Max CVSS
4.6
EPSS Score
0.06%
Published
2006-06-02
Updated
2018-10-18
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed
Max CVSS
2.6
EPSS Score
0.31%
Published
2006-07-13
Updated
2024-03-21
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Max CVSS
3.6
EPSS Score
0.05%
Published
2006-07-21
Updated
2018-10-30
VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
Max CVSS
4.0
EPSS Score
0.36%
Published
2006-11-21
Updated
2018-10-17
Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-12-10
Updated
2018-10-17
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
Max CVSS
5.0
EPSS Score
2.54%
Published
2007-04-06
Updated
2018-10-30
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
6.6
EPSS Score
0.07%
Published
2007-04-06
Updated
2018-10-30
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
Max CVSS
6.3
EPSS Score
0.07%
Published
2007-05-02
Updated
2018-10-16
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
Max CVSS
5.8
EPSS Score
3.48%
Published
2007-07-30
Updated
2017-09-29
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.11%
Published
2007-09-21
Updated
2019-08-01
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
Max CVSS
5.5
EPSS Score
0.08%
Published
2007-09-21
Updated
2019-08-01
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-08-29
Updated
2017-07-29
Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-08-29
Updated
2008-11-15
361 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!