RSS   Vulnerabilities for 'Virtualcenter'   RSS

2013-02-15
 
CVE-2013-1405

CWE-287
 

 
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

 
2011-05-09
 
CVE-2011-0426

CWE-22
 

 
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

 
2010-04-01
 
CVE-2010-1137

 

 
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

 
 
CVE-2010-0686

CWE-20
 

 
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

 
 
CVE-2009-2277

 

 
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

 
2008-10-06
 
CVE-2008-4278

CWE-200
 

 
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

 
2008-08-13
 
CVE-2008-3514

CWE-200
 

 
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

 
2006-11-20
 
CVE-2006-5990

CWE-20
 

 
VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

 

 >>> Vendor: Vmware 82 Products
Workstation
Gsx server
Esx server
ACE
Player
Server
Infrastructure
Virtualcenter
Vmware workstation
Vmware player
Vmware server
ESXI
ESX
Ace 2
Fusion
Vmware player 2
Vmware ace
Vmware esx
Vmware esxi
Movie decoder
Vmware virtualcenter
Studio
Lab manager
Stage manager
Vcenter
Vcenter lab manager
Vcenter stage manager
VMRC
Vix api
View manager
Tc server
Vcenter server
Springsource spring security
Open-vm-tools
Virtual infrastructure client
Springsource spring framework
AMS
Vcenter update manager
Zimbra desktop
Vcenter chargeback manager
VIEW
Vsphere
Vcenter orchestrator
Vshield manager
VMA
Vcenter operations
Capacityiq
Ovf tool
Vcenter server appliance
Hyperic hq
Vi-client
Vsphere client
Vcloud director
Tools
Vm-support
NSX
Vcloud networking and security
Airwatch
Vcloud automation center
Vsphere data protection
Horizon client
Horizon view client
Vrealize orchestrator
Vrealize business
Vrealize automation
Vcloud automation identity appliance
Vrealize log insight
Nsx edge
Vcloud networking and security edge
Workstation player
Workstation pro
Photon os
Identity manger
Fusion pro
Vrealize operations
Horizon view
Airwatch inbox
Airwatch agent
Horizon daas
Unified access gateway
Harbor
Xenon


Copyright 2019, cxsecurity.com

 

Back to Top