VMware vCenter Server vulnerabilities
31 known vulnerabilities affecting vmware/vmware_vcenter_server.
Total CVEs: 31
CISA KEV: 1 (actively exploited)
Public exploits: 5
Exploited in wild: 1
Severity breakdown
CRITICAL: 7, HIGH: 11, MEDIUM: 13
Vulnerabilities
Page 2 of 2
CVE-2015-6932 | MEDIUM | CVSS 5.8 | 2015-09-16
CVE-2015-6932 [MEDIUM] VMware vCenter Server updates address a LDAP certificate validation issue
VMSA-2015-0006: VMware vCenter Server updates address a LDAP certificate validation issue
VMware vCenter Server LDAP certificate validation vulnerability. VMware vCenter Server does not validate the certificate when connecting to a single sign on identity source using LDAPS (LDAP over SSL). This applies when connecting to Active Directory as an LDAP Server or OpenLDAP. Exploitation of this vulnerabi
vmware
CVE-2014-3513 | MEDIUM | CVSS 6.4 | 2015-01-27
CVE-2014-3513 [MEDIUM] VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability: VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation of this issue may allow for privilege escalation on the host. The vulnerability does not allo
vmware
CVE-2013-1752 | MEDIUM | CVSS 4.3 | 2014-12-04
CVE-2013-1752 [MEDIUM] VMware vSphere product updates address security vulnerabilities
VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability: VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Seck
vmware
CVE-2013-5970 | HIGH | CVSS 7.1 | 2013-10-17
CVE-2013-5970 [HIGH] VMware vSphere updates address multiple vulnerabilities
VMSA-2013-0012: VMware vSphere updates address multiple vulnerabilities
a. VMware ESXi and ESX contain a vulnerability in hostd-vmdb. To exploit this vulnerability, an attacker must intercept and modify the management traffic. Exploitation of the issue may lead to a Denial of Service of the hostd-vmdb service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management netw
vmware
CVE-2012-2110 | HIGH | CVSS 7.6 | PoC | 2013-02-21
CVE-2012-2110 [HIGH] VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
VMSA-2013-0003: VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability: VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability,
vmware
CVE-2011-1202 | CRITICAL | CVSS 10.0 | 2013-01-31
CVE-2011-1202 [CRITICAL] VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability: VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter S
vmware
CVE-2010-0405 | HIGH | CVSS 7.2 | 2012-03-15
CVE-2010-0405 [HIGH] VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
VMSA-2012-0005: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
a. VMware Tools Display Driver Privilege Escalation: The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not prop
vmware
CVE-2011-4404 | MEDIUM | CVSS 5.0 | PoC | 2011-11-17
CVE-2011-4404 [MEDIUM] VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
VMSA-2011-0014: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
a. Directory traversal in third party Jetty Web server component: VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server, which is a third party compon
vmware
CVE-2011-0426 | MEDIUM | CVSS 4.3 | 2011-05-05
CVE-2011-0426 [MEDIUM] VMware vCenter Server and vSphere Client security vulnerabilities
VMSA-2011-0008: VMware vCenter Server and vSphere Client security vulnerabilities
a. vCenter Server Directory Traversal vulnerability: A directory traversal vulnerability allows an attacker to remotely retrieve files from vCenter Server without authentication. In order to exploit this vulnerability, the attacker will need to have access to the network on which the vCenter Server host resides. In case vCenter
vmware
CVE-2008-0085 | MEDIUM | CVSS 5.0 | 2011-02-10
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vmware
CVE-2007-2052 | MEDIUM | CVSS 5.0 | PoC | 2009-11-20
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update: JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the f
vmware