Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-10 | CVE-2013-3657 | Buffer Errors vulnerability in VMWare ESX and Esxi Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | 7.5 |
| 2013-09-04 | CVE-2013-1661 | Improper Input Validation vulnerability in VMWare ESX and Esxi VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. | 4.3 |
| 2013-08-24 | CVE-2013-1662 | Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | 6.9 |
| 2013-06-17 | CVE-2013-3520 | Code Injection vulnerability in VMWare Vcenter Chargeback Manager VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
| 2013-05-01 | CVE-2013-3107 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.0 VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | 4.3 |
| 2013-05-01 | CVE-2013-3080 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.1 VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. | 9.0 |
| 2013-05-01 | CVE-2013-3079 | Code Injection vulnerability in VMWare Vcenter Server Appliance 5.1 VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. | 9.0 |
| 2013-02-22 | CVE-2013-1659 | Memory Corruption vulnerability in VMWare Esxi, Vcenter Server and Vcenter Server Appliance VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream. | 7.6 |
| 2013-02-22 | CVE-2012-6326 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Vcenter Server and Vcenter Server Appliance VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | 7.8 |
| 2013-02-15 | CVE-2013-1405 | Improper Authentication vulnerability in VMWare products VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |