Vulnerabilities > VMware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-23 | CVE-2013-5973 | Permissions, Privileges, and Access Controls vulnerability in VMware ESX and ESXi: VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | 4.4 |
2013-11-04 | CVE-2013-6366 | Code Injection vulnerability in VMware Hyperic HQ 4.6.6: The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | 6.5 |
2013-10-21 | CVE-2013-5971 | Permissions, Privileges, and Access Controls vulnerability in VMware vCenter Server: Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | 6.8 |
2013-09-04 | CVE-2013-1661 | Improper Input Validation vulnerability in VMware ESX and ESXi: VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. | 4.3 |
2013-08-24 | CVE-2013-1662 | Permissions, Privileges, and Access Controls vulnerability in VMware Player and Workstation: vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | 6.9 |
2013-05-01 | CVE-2013-3107 | Permissions, Privileges, and Access Controls vulnerability in VMware vCenter Server Appliance 5.0: VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | 4.3 |
2012-12-21 | CVE-2012-6325 | Information Exposure vulnerability in VMware vCenter Server Appliance 5.0: VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2012-12-21 | CVE-2012-6324 | Path Traversal vulnerability in VMware vCenter Server Appliance 5.0/5.1: Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2012-12-19 | CVE-2012-5978 | Path Traversal vulnerability in VMware View: Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2012-12-05 | CVE-2012-5055 | Information Exposure vulnerability in VMware SpringSource Spring Security: DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | 5.0 |