Vulnerabilities > Vmware > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2012-12-05 | CVE-2011-2732 | Code Injection vulnerability in VMWare Springsource Spring Security | CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter. | network | | vmware | CWE-94 | 4.3 |
| 2012-12-05 | CVE-2011-2731 | Race Condition vulnerability in VMWare Springsource Spring Security | Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. | network | high complexity | vmware | CWE-362 | 5.1 |
| 2012-11-20 | CVE-2012-5703 | Improper Input Validation vulnerability in VMWare ESX and Esxi | The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. | network | low complexity | vmware | CWE-20 | 5.0 |
| 2012-10-05 | CVE-2012-5051 | Path Traversal vulnerability in VMWare Capacityiq 1.5.0/1.5.1/1.5.2 | Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. | network | low complexity | vmware | CWE-22 | 5.0 |
| 2012-10-05 | CVE-2012-5050 | Cross-Site Scripting vulnerability in VMWare Vcenter Operations 1.0.0/1.0.1/1.0.2 | Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | | vmware | CWE-79 | 4.3 |
| 2012-10-05 | CVE-2012-4897 | Unspecified vulnerability in VMWare Movie Decoder | Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. | local | | vmware | | 6.9 |
| 2012-09-08 | CVE-2012-1666 | Unspecified vulnerability in VMWare products | Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. | local | | vmware | | 6.9 |
| 2012-03-16 | CVE-2012-1514 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vshield Manager | Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. | network | | vmware | CWE-352 | 6.8 |
| 2012-03-16 | CVE-2012-1513 | Information Exposure vulnerability in VMWare Vcenter Orchestrator 4.0/4.1 | The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. | network | low complexity | vmware | CWE-200 | 4.0 |
| 2012-03-16 | CVE-2012-1512 | Cross-Site Scripting vulnerability in VMWare Vsphere 5.0 | Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. | network | | vmware | CWE-79 | 4.3 |