| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-22954 |
94 |
|
Exec Code |
2022-04-11 |
2022-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. |
|
2 |
CVE-2021-22112 |
|
|
|
2021-02-23 |
2021-12-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. |
|
3 |
CVE-2021-22014 |
|
|
Exec Code |
2021-09-23 |
2021-09-27 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. |
|
4 |
CVE-2021-21986 |
306 |
|
|
2021-05-26 |
2022-07-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. |
|
5 |
CVE-2021-21985 |
20 |
|
Exec Code |
2021-05-26 |
2021-09-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. |
|
6 |
CVE-2021-21972 |
22 |
|
Exec Code Dir. Trav. |
2021-02-24 |
2022-07-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). |
|
7 |
CVE-2020-4006 |
77 |
|
|
2020-11-23 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. |
|
8 |
CVE-2020-3992 |
416 |
|
Exec Code |
2020-10-20 |
2022-06-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. |
|
9 |
CVE-2019-5526 |
427 |
|
|
2019-05-15 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. |
|
10 |
CVE-2019-5524 |
787 |
|
Exec Code |
2019-04-02 |
2019-04-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host. |
|
11 |
CVE-2019-5515 |
787 |
|
DoS Exec Code |
2019-04-02 |
2019-05-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest. |
|
12 |
CVE-2018-11066 |
|
|
Exec Code |
2018-11-26 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. |
|
13 |
CVE-2017-4947 |
502 |
|
Exec Code |
2018-01-29 |
2018-02-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. |
|
14 |
CVE-2017-4918 |
77 |
|
|
2017-06-08 |
2017-07-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. |
|
15 |
CVE-2016-7456 |
255 |
|
|
2016-12-29 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. |
|
16 |
CVE-2016-5333 |
798 |
|
|
2016-08-31 |
2017-08-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. |
|
17 |
CVE-2015-5211 |
552 |
|
|
2017-05-25 |
2022-06-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. |
|
18 |
CVE-2015-2342 |
|
|
Exec Code |
2015-10-12 |
2018-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. |
|
19 |
CVE-2014-8373 |
264 |
|
+Priv |
2014-12-11 |
2018-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function. |
|
20 |
CVE-2014-3790 |
264 |
|
Exec Code |
2014-06-01 |
2014-06-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. |
|
21 |
CVE-2014-1209 |
20 |
|
|
2014-04-11 |
2014-04-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. |
|
22 |
CVE-2013-3658 |
22 |
|
Dir. Trav. |
2013-09-10 |
2013-09-12 |
9.4 |
None |
Remote |
Low |
Not required |
None |
Complete |
Complete |
|
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. |
|
23 |
CVE-2013-3080 |
264 |
|
DoS Exec Code |
2013-05-01 |
2013-05-01 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. |
|
24 |
CVE-2013-3079 |
94 |
|
|
2013-05-01 |
2013-05-01 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. |
|
25 |
CVE-2013-1405 |
287 |
|
DoS Exec Code Mem. Corr. |
2013-02-15 |
2013-02-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
|
26 |
CVE-2012-3569 |
134 |
|
Exec Code |
2012-11-14 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. |
|
27 |
CVE-2012-3288 |
20 |
|
DoS Exec Code Mem. Corr. |
2012-06-14 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. |
|
28 |
CVE-2012-2450 |
|
|
DoS Exec Code |
2012-05-04 |
2017-12-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. |
|
29 |
CVE-2012-2449 |
119 |
|
DoS Exec Code Overflow |
2012-05-04 |
2017-12-14 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. |
|
30 |
CVE-2012-1517 |
119 |
|
DoS Exec Code Overflow |
2012-05-04 |
2017-12-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers. |
|
31 |
CVE-2012-1516 |
119 |
|
DoS Exec Code Overflow |
2012-05-04 |
2019-09-27 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. |
|
32 |
CVE-2011-3868 |
119 |
|
Exec Code Overflow |
2011-10-07 |
2018-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. |
|
33 |
CVE-2010-4573 |
287 |
|
|
2010-12-22 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. |
|
34 |
CVE-2009-2628 |
94 |
|
Exec Code Mem. Corr. |
2009-09-08 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. |
|
35 |
CVE-2009-1565 |
119 |
|
Exec Code Overflow |
2010-04-12 |
2010-04-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors." |
|
36 |
CVE-2009-1564 |
119 |
|
Exec Code Overflow |
2010-04-12 |
2010-04-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. |
|
37 |
CVE-2009-0909 |
119 |
|
Exec Code Overflow |
2009-04-06 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435. |
|
38 |
CVE-2009-0199 |
119 |
|
Exec Code Overflow |
2009-09-08 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters). |
|
39 |
CVE-2008-4281 |
22 |
|
+Priv Dir. Trav. |
2008-11-10 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. |
|
40 |
CVE-2008-3892 |
119 |
|
DoS Exec Code Overflow |
2008-09-03 |
2018-11-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696. |
|
41 |
CVE-2008-3696 |
|
|
|
2008-09-03 |
2018-10-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695. |
|
42 |
CVE-2008-3695 |
|
|
|
2008-09-03 |
2018-10-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696. |
|
43 |
CVE-2008-3694 |
|
|
|
2008-09-03 |
2018-10-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696. |
|
44 |
CVE-2008-3693 |
|
|
|
2008-09-03 |
2018-10-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
|
45 |
CVE-2008-3692 |
|
|
|
2008-09-03 |
2018-10-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
|
46 |
CVE-2008-3691 |
|
|
|
2008-09-03 |
2018-11-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696. |
|
47 |
CVE-2008-2097 |
119 |
|
Overflow +Priv |
2008-06-05 |
2018-10-11 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." |
|
48 |
CVE-2007-5617 |
|
|
|
2007-10-21 |
2018-10-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images. |
|
49 |
CVE-2007-5025 |
|
|
|
2007-09-21 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." |
|
50 |
CVE-2007-0063 |
191 |
|
Exec Code Overflow |
2007-09-21 |
2019-07-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. |
