Vulnerabilities > Vmware > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-08-29 | CVE-2007-4591 | Buffer Overflow vulnerability in VMWare Workstation 6.0 | 6.9
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
local, vmware

2007-07-30 | CVE-2007-4059 | Unspecified vulnerability in VMWare Workstation 5.5.3 | 5.8
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
network, vmware

2007-05-02 | CVE-2007-1744 | Directory Traversal vulnerability in VMware Workstation Shared Folders | 6.3
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.

2007-04-06 | CVE-2007-1271 | Buffer Overflow vulnerability in VMWare ESX 3.0.0/3.0.1 | 6.6
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
local, vmware

2007-04-06 | CVE-2007-1270 | Numeric Errors vulnerability in VMWare ESX and ESX Server | 5.0
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
network, low complexity, vmware, CWE-189

2006-12-10 | CVE-2006-6410 | Buffer Overflow vulnerability in VMWare Workstation 5.5.1 | 4.6
Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.
local, low complexity, vmware

2006-11-21 | CVE-2006-5990 | Improper Input Validation vulnerability in VMWare Virtualcenter 1.4.1/2.0.1 | 4.0
VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
network, high complexity, vmware, CWE-20

2006-07-31 | CVE-2006-2481 | Credentials Management vulnerability in VMWare ESX | 5.0
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
network, low complexity, vmware, CWE-255

2006-06-02 | CVE-2006-2662 | Unspecified vulnerability in VMWare Server 1.0.1Build29996 | 4.6
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
local, low complexity, vmware

2005-12-31 | CVE-2005-3619 | Unspecified vulnerability in VMWare ESX | 6.8
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
network, vmware