VMware VirtualCenter vulnerabilities

10 known vulnerabilities affecting vmware/virtualcenter.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 6, LOW 1

Vulnerabilities

CVE-2013-1405 | CRITICAL | CVSS 10.0 | v2.5 | 2013-02-15
CWE-287. VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute a
nvd
CVE-2011-0426 | MEDIUM | CVSS 4.3 | v2.5 | 2011-05-09
CWE-22. Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2010-0686 | HIGH | CVSS 7.5 | v2.0.2, v2.5 | 2010-04-01
CWE-20. WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
nvd
CVE-2009-2277 | MEDIUM | CVSS 4.3 | v2.0.2, v2.5 | 2010-04-01
CWE-79. Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
nvd
CVE-2010-1137 | MEDIUM | CVSS 4.3 | v2.0.2, v2.5 | 2010-04-01
CWE-79. Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
nvd
CVE-2009-1072 | MEDIUM | CVSS 4.9 | v2.0.2, v2.5 | 2009-03-25
CWE-16. nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
nvd
CVE-2009-0778 | HIGH | CVSS 7.1 | v2.0.2, v2.5 | 2009-03-12
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage)
nvd
CVE-2008-4278 | LOW | CVSS 2.1 | ≤ 2.5, v1.4.1, +3 more | 2008-10-06
CWE-200. VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
nvd
CVE-2008-3514 | MEDIUM | CVSS 5.0 | ≤ 2.0.2, v2.0.2, +1 more | 2008-08-13
CWE-200. VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
nvd
CVE-2006-5990 | MEDIUM | CVSS 4.0 | v1.4.1, v2.0.1 | 2006-11-21
CWE-20. VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
nvd