Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2013-02-11 CVE-2013-1406 Improper Input Validation vulnerability in VMware products
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
local
low complexity
vmware microsoft CWE-20
7.2
2012-12-21 CVE-2012-6325 Information Exposure vulnerability in VMware vCenter Server Appliance 5.0
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
vmware CWE-200
4.0
2012-12-21 CVE-2012-6324 Path Traversal vulnerability in VMware vCenter Server Appliance 5.0/5.1
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
vmware CWE-22
4.0
2012-12-19 CVE-2012-5978 Path Traversal vulnerability in VMware View
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
vmware CWE-22
5.0
2012-12-05 CVE-2012-5055 Information Exposure vulnerability in VMware SpringSource Spring Security
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
network
low complexity
vmware CWE-200
5.0
2012-12-05 CVE-2011-2732 Code Injection vulnerability in VMware SpringSource Spring Security
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
network
vmware CWE-94
4.3
2012-12-05 CVE-2011-2731 Race Condition vulnerability in VMware SpringSource Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
network
high complexity
vmware CWE-362
5.1
2012-12-05 CVE-2009-2899 Information Exposure vulnerability in VMware Hyperic HQ 4.2
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.
local
low complexity
vmware CWE-200
2.1
2012-11-20 CVE-2012-5703 Improper Input Validation vulnerability in VMware ESX and ESXi
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
network
low complexity
vmware CWE-20
5.0
2012-11-14 CVE-2012-5459 Unspecified vulnerability in VMware Player and Workstation
Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
7.9