VMware vSphere vulnerabilities

25 known vulnerabilities affecting vmware/vsphere.

Total CVEs: 25
CISA KEV: 1 (actively exploited)
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 7, MEDIUM 14

Vulnerabilities

Page 2 of 2
CVE-2009-5029 | MEDIUM | CVSS 4.0 | PoC | 2012-12-20
VMSA-2012-0018: VMware security updates for vCSA, vCenter Server, and ESXi. a. vCenter Server Appliance directory traversal. The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan
vmware
CVE-2012-3569 | HIGH | CVSS 8.3 | PoC | 2012-11-08
VMSA-2012-0015: VMware Hosted Products and OVF Tool address security issues. a. VMware Workstation and Player weak permissions on process threads vulnerability. Certain processes when created have weak security permissions assigned. It is possible to commandeer these process threads, which could result in Elevation of Privilege in the context of the host. VMware would like to thank Derek Soeder of Cylance, Inc. for
vmware
CVE-2012-1512 | MEDIUM | CVSS 4.3 | ≤ 4.1, ≤ 5.0 | 2012-03-16
CWE-79: Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
nvd
CVE-2010-0296 | MEDIUM | CVSS 4.7 | 2011-10-12
VMSA-2011-0012: VMware ESX third party updates for Service Console packages glibc and dhcp. a. ESX third party update for Service Console kernel. This update takes the console OS kernel package to kernel-2.6.18-238.9.1 which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-
vmware
CVE-2009-3080 | HIGH | CVSS 7.8 | 2011-06-02
VMSA-2011-0009: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues. a. VMware vmkernel third party e1000(e) Driver Packet Filter Bypass. There is an issue in the e1000(e) Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
vmware