Vulnerabilities > VMware

DATE CVE VULNERABILITY TITLE RISK
2014-01-17 CVE-2014-1211 Cross-Site Request Forgery (CSRF) vulnerability in VMware vCloud Director 5.1.0/5.1.1/5.1.2
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
network
vmware CWE-352
6.8
2014-01-17 CVE-2014-1208 Local Denial of Service vulnerability in Multiple VMware Products
VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.
low complexity
vmware
3.3
2014-01-17 CVE-2014-1207 Denial of Service vulnerability in VMware ESX and ESXi
VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.
network
vmware
4.3
2013-12-23 CVE-2013-5973 Permissions, Privileges, and Access Controls vulnerability in VMware ESX and ESXi
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
local
vmware CWE-264
4.4
2013-12-04 CVE-2013-3519 Permissions, Privileges, and Access Controls vulnerability in VMware products
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.
7.9
2013-11-18 CVE-2013-5972 Permissions, Privileges, and Access Controls vulnerability in VMware Player and Workstation
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
local
low complexity
vmware CWE-264
7.2
2013-11-04 CVE-2013-6366 Code Injection vulnerability in VMware Hyperic HQ 4.6.6
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
network
low complexity
vmware CWE-94
6.5
2013-10-21 CVE-2013-5971 Permissions, Privileges, and Access Controls vulnerability in VMware vCenter Server
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
network
vmware CWE-264
6.8
2013-10-21 CVE-2013-5970 Improper Input Validation vulnerability in VMware ESX and ESXi
hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.
network
vmware CWE-20
7.1
2013-09-10 CVE-2013-3658 Path Traversal vulnerability in VMware ESX and ESXi
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
network
low complexity
vmware CWE-22
critical
9.4