Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-04 | CVE-2012-2449 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. | 9.0 |
| 2012-05-04 | CVE-2012-2448 | Buffer Errors vulnerability in VMWare ESX and Esxi VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic. | 7.5 |
| 2012-05-04 | CVE-2012-1517 | Buffer Errors vulnerability in VMWare ESX and Esxi The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers. | 9.0 |
| 2012-05-04 | CVE-2012-1516 | Buffer Errors vulnerability in VMWare ESX and Esxi The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | 9.0 |
| 2012-04-17 | CVE-2012-1518 | Permissions, Privileges, and Access Controls vulnerability in VMWare products VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | 8.3 |
| 2012-04-02 | CVE-2012-1515 | Permissions, Privileges, and Access Controls vulnerability in VMWare ESX and Esxi VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. | 8.3 |
| 2012-03-16 | CVE-2012-1514 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vshield Manager Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2012-03-16 | CVE-2012-1513 | Information Exposure vulnerability in VMWare Vcenter Orchestrator 4.0/4.1 The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. | 4.0 |
| 2012-03-16 | CVE-2012-1512 | Cross-Site Scripting vulnerability in VMWare Vsphere 5.0 Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. | 4.3 |
| 2012-03-16 | CVE-2012-1511 | Cross-Site Scripting vulnerability in VMWare View 4.0.0/4.5/4.6.0 Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |