mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.06%
Published
2011-06-06
Updated
2017-08-29
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-05-09
Updated
2017-08-17
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-09-28
Updated
2010-09-29
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-02-16
Updated
2018-10-10
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-12-05
Updated
2012-12-24
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-04-06
Updated
2017-09-29
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.06%
Published
2008-10-06
Updated
2018-10-11
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-09-03
Updated
2018-10-11
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed
Source: MITRE
Max CVSS
2.6
EPSS Score
0.31%
Published
2006-07-13
Updated
2024-05-17
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-12-31
Updated
2018-10-30
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!