Search Results (1046 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1514 1 Vmware 1 Vshield Manager 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2011-1126 2 Linux, Vmware 3 Linux Kernel, Vix Api, Workstation 2025-04-11 N/A
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.
CVE-2012-1509 1 Vmware 1 View 2025-04-11 N/A
Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
CVE-2012-1511 1 Vmware 1 View 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2012-1512 1 Vmware 1 Vsphere 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
CVE-2012-1516 1 Vmware 2 Esx, Esxi 2025-04-11 9.9 Critical
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
CVE-2012-1518 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
CVE-2012-6325 1 Vmware 1 Vcenter Server Appliance 2025-04-11 N/A
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-1666 1 Vmware 5 Esx, Fusion, Player and 2 more 2025-04-11 N/A
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
CVE-2011-2894 2 Redhat, Vmware 3 Jboss Soa Platform, Spring Framework, Spring Security 2025-04-11 N/A
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
CVE-2013-5970 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.
CVE-2013-7315 2 Springsource, Vmware 2 Spring Framework, Spring Framework 2025-04-11 N/A
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2012-5458 2 Microsoft, Vmware 3 Windows, Player, Workstation 2025-04-11 N/A
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.
CVE-2013-5972 1 Vmware 2 Player, Workstation 2025-04-11 N/A
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
CVE-2012-5703 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
CVE-2012-2448 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
CVE-2012-2449 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
CVE-2012-2450 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
CVE-2013-5971 1 Vmware 1 Vcenter Server 2025-04-11 N/A
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
CVE-2011-1681 1 Vmware 1 Open-vm-tools 2025-04-11 N/A
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.