VMware vCenter vulnerabilities
7 known vulnerabilities affecting vmware/vcenter.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4, LOW 1
Vulnerabilities
CVE-2025-41250 | HIGH | CVSS 8.5 | CWE-77 | ≥ 8.0, < 8.0 U3g; ≥ 7.0, < 7.0 U3w | 2025-09-29
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
cvelistv5, nvd
CVE-2025-41241 | MEDIUM | CVSS 4.4 | CWE-754 | ≥ 8.0, < 8.0 U3g; ≥ 7.0, < 7.0 U3v | 2025-07-29
VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.
cvelistv5, nvd
CVE-2011-0426 | MEDIUM | CVSS 4.3 | CWE-22 | v4.0, v4.1 | 2011-05-09
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2011-1789 | MEDIUM | CVSS 5.0 | CWE-310 | v4.0, v4.1 | 2011-05-09
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse install
nvd
CVE-2011-1788 | LOW | CVSS 2.1 | CWE-200 | v4.0, v4.1 | 2011-05-09
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
nvd
CVE-2009-3731 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0 | 2009-12-16
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and
nvd
CVE-2009-0778 | HIGH | CVSS 7.1 | v4.0 | 2009-03-12
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage)
nvd