Skip to main content

VMware

643 CVEs vendor

Monthly

CVE-2015-7429 HIGH This Week

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure VMware Spectrum Protect For Virtual Environments Spectrum Protect Snapshot
NVD
CVSS 3.0
8.5
EPSS
0.3%
CVE-2015-6934 HIGH This Week

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Java Apache Vcenter Orchestrator +1
NVD
CVSS 3.0
7.3
EPSS
1.8%
CVE-2015-6335 CRITICAL Act Now

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation VMware Firesight System Software
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2015-2342 CRITICAL POC PATCH THREAT Act Now

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

RCE VMware Vcenter Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
92.0%
Threat
6.3
CVE-2015-1047 MEDIUM PATCH This Month

vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Vcenter Server
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2015-1988 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS VMware Tivoli Storage Flashcopy Manager Tivoli Storage Manager For Virtual Environments
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-6932 MEDIUM This Month

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-6277 MEDIUM This Month

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco VMware Nx Os San Os +2
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2015-4323 MEDIUM This Month

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow VMware Nx Os +1
NVD
CVSS 2.0
6.1
EPSS
0.8%
CVE-2015-4324 MEDIUM This Month

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow VMware Nx Os
NVD
CVSS 2.0
6.1
EPSS
0.8%
CVE-2015-3650 HIGH PATCH This Week

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Microsoft VMware Authentication Bypass Player Workstation +1
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2341 HIGH PATCH This Week

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Fusion Player Workstation
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2015-2340 MEDIUM PATCH This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2339 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2338 MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft Horizon Client Horizon View Client +3
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-2337 MEDIUM This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-2336 MEDIUM PATCH This Month

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

RCE VMware Microsoft Fusion Player +3
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-4632 MEDIUM This Month

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Authentication Bypass Vsphere Data Protection
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-1044 LOW PATCH Monitor

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Player
NVD
CVSS 2.0
3.3
EPSS
0.3%
CVE-2015-1043 LOW PATCH Monitor

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Fusion Workstation Player
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-8370 MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware Player Fusion +2
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-8373 CRITICAL Act Now

The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcloud Automation Center
NVD
CVSS 2.0
9.0
EPSS
1.4%
CVE-2014-8372 MEDIUM This Month

AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Airwatch
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-8371 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-3797 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3689 HIGH This Week

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Qemu Debian Linux Ubuntu Linux
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-8333 PyPI MEDIUM PATCH This Month

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Openstack Nova
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-7681 MEDIUM This Month

The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application 6.0.9.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Google VMware Vmware Vforums 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-8750 MEDIUM This Month

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition VMware Nova
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-3608 PyPI LOW POC PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service VMware Nova
NVD
CVSS 2.0
2.7
EPSS
0.7%
CVE-2014-3367 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco VMware Cisco Nexus 1000V Intercloud
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3796 MEDIUM PATCH This Month

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Nsx Vcloud Networking And Security
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4200 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Tools Vm Support Workstation
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-4199 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure VMware Tools Vm Support Workstation
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2014-3790 CRITICAL Act Now

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2014-3793 MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft Fusion Player +2
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6714 MEDIUM This Month

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Flashcopy Manager
NVD
CVSS 2.0
4.1
EPSS
0.1%
CVE-2013-6713 MEDIUM This Month

The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations,. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation VMware Tivoli Storage Manager For Virtual Environments
NVD
CVSS 2.0
4.1
EPSS
0.1%
CVE-2014-0685 MEDIUM This Month

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation VMware Cisco Nexus 1000V Intercloud
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4768 MEDIUM This Month

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service VMware Eucalyptus
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2384 MEDIUM This Month

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft Player Workstation
NVD VulDB
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-1210 MEDIUM This Month

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1209 CRITICAL Act Now

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
CVSS 2.0
9.3
EPSS
4.1%
CVE-2014-2573 PyPI LOW PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a. Rated low severity (CVSS 2.3).

Denial Of Service Privilege Escalation VMware Compute
NVD VulDB
CVSS 2.0
2.3
EPSS
0.1%
CVE-2014-1211 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF VMware Vcloud Director
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1208 LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi Fusion Player +2
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-1207 MEDIUM This Month

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service ESXi Esx
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-5973 MEDIUM This Month

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation VMware Esx ESXi
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-3519 HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft ESXi Workstation +3
NVD
CVSS 2.0
7.9
EPSS
0.2%
CVE-2013-5972 HIGH PATCH This Week

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation VMware Workstation Player
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5556 MEDIUM This Month

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft Cisco Nexus 1000V
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6366 MEDIUM POC This Month

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection VMware RCE Hyperic Hq
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
5.6%
CVE-2013-5971 MEDIUM This Month

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-5970 HIGH This Week

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx ESXi
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2012-4092 MEDIUM This Month

The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-3658 CRITICAL Act Now

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Esx ESXi
NVD
CVSS 2.0
9.4
EPSS
0.6%
CVE-2013-3657 HIGH This Week

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Esx +1
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-1661 MEDIUM This Month

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx ESXi
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1662 MEDIUM POC This Month

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Debian Workstation Player
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
6.1%
CVE-2013-3520 HIGH POC THREAT Act Now

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%.

Code Injection VMware RCE Vcenter Chargeback Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2013-1212 MEDIUM This Month

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Cisco Nx Os Nexus 1000V
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1211 MEDIUM This Month

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Cisco Authentication Bypass Nx Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1210 MEDIUM This Month

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2013-3107 MEDIUM This Month

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-3080 CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Denial Of Service RCE Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2013-3079 CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware RCE Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-1659 HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Vcenter Server +2
NVD
CVSS 2.0
7.6
EPSS
0.9%
CVE-2012-6326 HIGH PATCH This Week

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Denial Of Service Vcenter Server Vcenter Server Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1405 CRITICAL Act Now

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware Denial Of Service Buffer Overflow RCE +6
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2013-1406 HIGH POC This Week

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Microsoft Workstation Fusion +3
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-6325 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server Appliance
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-6324 MEDIUM This Month

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Vcenter Server Appliance
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-5978 MEDIUM This Month

Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal View
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5055 Maven MEDIUM PATCH This Month

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Java Springsource Spring Security
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5703 MEDIUM This Month

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service Esx ESXi
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-5459 HIGH PATCH This Week

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a. Rated high severity (CVSS 7.9).

VMware Information Disclosure Microsoft Player Workstation
NVD
CVSS 2.0
7.9
EPSS
0.1%
CVE-2012-5458 HIGH This Week

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft Player Workstation
NVD
CVSS 2.0
8.3
EPSS
0.1%
CVE-2012-3569 CRITICAL POC PATCH THREAT Act Now

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%.

VMware Microsoft RCE Ovf Tool Workstation +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
80.6%
Threat
5.8
CVE-2012-4610 LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-5051 MEDIUM This Month

Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Capacityiq
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2012-5050 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware XSS Vcenter Operations
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4897 MEDIUM This Month

Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. Rated medium severity (CVSS 6.9). No vendor patch available.

VMware Information Disclosure Movie Decoder
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-1833 MEDIUM POC This Month

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Grails
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-1666 MEDIUM POC This Month

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

VMware Information Disclosure Workstation Player Fusion +2
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-3241 HIGH This Week

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Eucalyptus
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3289 HIGH This Week

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware Denial Of Service RCE Workstation +3
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2012-3288 CRITICAL Act Now

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Workstation +4
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2012-2752 HIGH This Week

Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Vma
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-2450 CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service RCE Workstation Player +3
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2012-2449 CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Workstation +4
NVD
CVSS 2.0
9.0
EPSS
2.0%
EPSS 0% CVSS 8.5
HIGH This Week

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure VMware +2
NVD
EPSS 2% CVSS 7.3
HIGH This Week

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Java +3
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation VMware +1
NVD
EPSS 92% 6.3 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

RCE VMware Vcenter Server
NVD Exploit-DB
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Vcenter Server
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS VMware +2
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco VMware +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +2
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Microsoft VMware Authentication Bypass +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Fusion +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service VMware Microsoft +5
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE VMware Microsoft +5
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

RCE VMware Microsoft +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Authentication Bypass Vsphere Data Protection
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service VMware Fusion +2
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware +4
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcloud Automation Center
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Airwatch
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Qemu +2
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Openstack +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application 6.0.9.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Google VMware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition VMware +1
NVD
EPSS 1% CVSS 2.7
LOW POC PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service VMware Nova
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco VMware +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Nsx +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Tools +2
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure VMware Tools +2
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft +4
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation +2
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations,. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Denial Of Service Privilege Escalation +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation VMware +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service VMware Eucalyptus
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
EPSS 4% CVSS 9.3
CRITICAL Act Now

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a. Rated low severity (CVSS 2.3).

Denial Of Service Privilege Escalation VMware +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF VMware Vcloud Director
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service ESXi +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service ESXi +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation VMware Esx +1
NVD
EPSS 0% CVSS 7.9
HIGH This Week

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation VMware Microsoft +5
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation VMware Workstation +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft +2
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Month

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection VMware RCE +1
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM This Month

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server
NVD
EPSS 1% CVSS 7.1
HIGH This Week

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Cisco +1
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Esx +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Denial Of Service Esx +1
NVD
EPSS 6% CVSS 6.9
MEDIUM POC This Month

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Debian +2
NVD Exploit-DB
EPSS 82% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%.

Code Injection VMware RCE +1
NVD Exploit-DB
EPSS 0% CVSS 5.8
MEDIUM This Month

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

VMware Information Disclosure Cisco +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Cisco Authentication Bypass +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Denial Of Service +2
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware RCE +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Denial Of Service +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware Denial Of Service +8
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Microsoft +5
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server Appliance
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Vcenter Server Appliance
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal View
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Java +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service Esx +1
NVD
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a. Rated high severity (CVSS 7.9).

VMware Information Disclosure Microsoft +2
NVD
EPSS 0% CVSS 8.3
HIGH This Week

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft +2
NVD
EPSS 81% 5.8 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%.

VMware Microsoft RCE +3
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Capacityiq
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware XSS Vcenter Operations
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory. Rated medium severity (CVSS 6.9). No vendor patch available.

VMware Information Disclosure Movie Decoder
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation VMware Grails
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

VMware Information Disclosure Workstation +4
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Eucalyptus
NVD
EPSS 1% CVSS 7.8
HIGH This Week

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware Denial Of Service +5
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +6
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Vma
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Denial Of Service RCE +5
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +6
NVD
Prev Page 7 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy