| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-11076 |
200 |
|
+Info |
2018-11-26 |
2019-01-02 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. |
|
2 |
CVE-2018-6957 |
399 |
|
|
2018-03-15 |
2018-04-13 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. |
|
3 |
CVE-2017-4926 |
79 |
|
XSS |
2017-09-15 |
2017-09-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. |
|
4 |
CVE-2016-7463 |
79 |
|
XSS |
2016-12-29 |
2016-12-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. |
|
5 |
CVE-2016-2075 |
79 |
|
XSS |
2016-03-16 |
2016-12-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
6 |
CVE-2015-5191 |
362 |
|
|
2017-07-28 |
2017-08-08 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
7 |
CVE-2015-2344 |
79 |
|
XSS |
2016-03-16 |
2016-12-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
8 |
CVE-2015-1044 |
|
|
DoS |
2015-01-29 |
2017-09-07 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. |
|
9 |
CVE-2015-1043 |
20 |
|
DoS |
2015-01-29 |
2017-09-07 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. |
|
10 |
CVE-2014-1208 |
|
|
DoS |
2014-01-17 |
2017-08-28 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. |
|
11 |
CVE-2011-1681 |
16 |
|
|
2011-04-09 |
2017-08-16 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. |
|
12 |
CVE-2006-3589 |
|
|
|
2006-07-21 |
2018-10-30 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. |
|
13 |
CVE-2003-0480 |
|
|
+Priv |
2003-08-07 |
2016-10-17 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." |
|
14 |
CVE-2001-1059 |
|
|
|
2001-07-30 |
2017-10-09 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. |
|
15 |
CVE-2000-0090 |
|
|
DoS |
2000-01-17 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
