Vulnerabilities > VMware

DATE CVE VULNERABILITY TITLE RISK
2015-01-29 CVE-2014-8370 Permissions, Privileges, and Access Controls vulnerability in VMware products
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.
network
low complexity
vmware CWE-264
6.4
2014-12-11 CVE-2014-8373 Permissions, Privileges, and Access Controls vulnerability in VMware vCloud Automation Center
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
network
low complexity
vmware CWE-264
critical
9.0
2014-12-11 CVE-2014-8372 Information Exposure vulnerability in VMware AirWatch 7.3.0.0/7.3.3.0
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.
network
low complexity
vmware CWE-200
4.0
2014-12-08 CVE-2014-8371 Cryptographic Issues vulnerability in VMware vCenter Server Appliance 5.0/5.1/5.5
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
network
vmware CWE-310
4.3
2014-12-08 CVE-2014-3797 Cross-Site Scripting vulnerability in VMware vCenter Server Appliance 5.1
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
vmware CWE-79
4.3
2014-11-20 CVE-2014-3625 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
network
low complexity
vmware pivotal-software CWE-22
5.0
2014-09-15 CVE-2014-3796 Improper Input Validation vulnerability in VMware NSX and vCloud Networking and Security
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
network
low complexity
vmware CWE-20
5.0
2014-08-28 CVE-2014-4200 Permissions, Privileges, and Access Controls vulnerability in VMware Tools, vm-support and Workstation
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
local
vmware CWE-264
4.7
2014-08-28 CVE-2014-4199 Link Following vulnerability in VMware Tools, vm-support and Workstation
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
local
vmware CWE-59
6.3
2014-07-17 CVE-2014-4258 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
network
low complexity
oracle vmware opensuse-project debian mariadb suse
6.5