Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-14 | CVE-2012-5458 | Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. | 8.3 |
2012-11-14 | CVE-2012-3569 | USE of Externally-Controlled Format String vulnerability in VMWare OVF Tool, Player and Workstation Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. | 9.3 |
2012-10-05 | CVE-2012-5051 | Path Traversal vulnerability in VMWare Capacityiq 1.5.0/1.5.1/1.5.2 Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2012-10-05 | CVE-2012-5050 | Cross-Site Scripting vulnerability in VMWare Vcenter Operations 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-10-05 | CVE-2012-4897 | Unspecified vulnerability in VMWare Movie Decoder Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. local vmware | 6.9 |
2012-09-08 | CVE-2012-1666 | Unspecified vulnerability in VMWare products Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. local vmware | 6.9 |
2012-06-14 | CVE-2012-3289 | Code Injection vulnerability in VMWare products VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. | 7.8 |
2012-06-14 | CVE-2012-3288 | Improper Input Validation vulnerability in VMWare products VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. | 9.3 |
2012-06-01 | CVE-2012-2752 | Unspecified vulnerability in VMWare VMA 4.0/4.1/5.0.0.1 Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.2 |
2012-05-04 | CVE-2012-2450 | Products Multiple Memory Corruption Privilege Escalation vulnerability in VMware VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | 9.0 |