Search Results (1047 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2025-04-18 4.9 Medium
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2022-31707 1 Vmware 1 Vrealize Operations 2025-04-18 7.2 High
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
CVE-2014-3790 1 Vmware 1 Vcenter Server Appliance 2025-04-12 N/A
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
CVE-2016-7085 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2025-04-12 N/A
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2014-1210 1 Vmware 1 Vsphere Client 2025-04-12 N/A
VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVE-2014-2384 1 Vmware 2 Player, Workstation 2025-04-12 N/A
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."
CVE-2016-7079 2 Apple, Vmware 2 Mac Os X, Tools 2025-04-12 N/A
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
CVE-2016-2076 1 Vmware 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director 2025-04-12 N/A
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
CVE-2016-7463 1 Vmware 1 Esxi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
CVE-2014-4199 2 Redhat, Vmware 4 Enterprise Linux, Tools, Vm-support and 1 more 2025-04-12 N/A
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
CVE-2016-2078 2 Microsoft, Vmware 2 Windows, Vcenter Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
CVE-2015-6933 1 Vmware 4 Esxi, Fusion, Player and 1 more 2025-04-12 N/A
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
CVE-2014-4200 2 Redhat, Vmware 4 Enterprise Linux, Tools, Vm-support and 1 more 2025-04-12 N/A
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
CVE-2014-3625 3 Pivotal Software, Redhat, Vmware 7 Spring Framework, Jboss Amq, Jboss Bpms and 4 more 2025-04-12 N/A
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2016-2075 2 Linux, Vmware 2 Linux Kernel, Vrealize Business Advanced And Enterprise 2025-04-12 5.4 Medium
Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6932 1 Vmware 1 Vcenter Server 2025-04-12 N/A
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0054 3 Redhat, Springsource, Vmware 4 Jboss Amq, Jboss Fuse, Spring Framework and 1 more 2025-04-12 N/A
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-3793 1 Vmware 4 Esxi, Fusion, Player and 1 more 2025-04-12 N/A
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.
CVE-2015-6934 1 Vmware 2 Vcenter Orchestrator, Vrealize Orchestrator 2025-04-12 N/A
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2016-5335 1 Vmware 2 Identity Manager, Vrealize Automation 2025-04-12 7.8 High
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.