Vulnerabilities > Vmware > Low

DATE CVE VULNERABILITY TITLE RISK
2011-06-06 CVE-2011-2146 Information Exposure vulnerability in VMWare products
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
local
low complexity
vmware CWE-200
2.1
2011-05-09 CVE-2011-1788 Information Exposure vulnerability in VMWare Vcenter 4.0/4.1
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
local
low complexity
vmware CWE-200
2.1
2011-04-10 CVE-2011-1681 Configuration vulnerability in VMWare Open-Vm-Tools
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
local
vmware CWE-16
3.3
2011-02-16 CVE-2010-2928 Credentials Management vulnerability in VMWare Vcenter Server 4.1
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
local
low complexity
vmware CWE-255
2.1
2010-09-28 CVE-2010-3277 Permissions, Privileges, and Access Controls vulnerability in VMWare Player and Workstation
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
local
low complexity
vmware CWE-264
2.1
2009-04-06 CVE-2009-0518 Information Exposure vulnerability in VMWare Esx, VMWare Esxi and VMWare Virtualcenter
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
local
low complexity
vmware CWE-200
2.1
2008-10-06 CVE-2008-4278 Information Exposure vulnerability in VMWare Virtualcenter
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
local
low complexity
vmware microsoft CWE-200
2.1
2008-09-03 CVE-2008-2101 Information Exposure vulnerability in VMWare ESX
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
vmware CWE-200
2.1
2007-10-13 CVE-2007-5438 Improper Input Validation vulnerability in VMWare products
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
local
vmware CWE-20
1.9
2007-02-07 CVE-2007-0832 Information Disclosure vulnerability in VMWare Workstation 5.5.3Build34685
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
local
high complexity
vmware
1.2