Produkt Virtualcenter (...) - CVEMAP.ORG

Podatności dla 'Virtualcenter'

2013-02-15

CVE-2013-1405

CWE-287

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2011-05-09

CVE-2011-0426

CWE-22

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

2010-04-01

CVE-2010-1137

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

CVE-2010-0686

CWE-20

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

CVE-2009-2277

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

2008-10-06

CVE-2008-4278

CWE-200

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

2008-08-13

CVE-2008-3514

CWE-200

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."

2006-11-20

CVE-2006-5990

CWE-20

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

>>> Vendor: Vmware 132 Produkty

Virtualcenter

Vmware workstation

Vmware player 2

Vmware virtualcenter

Vcenter lab manager

Vcenter stage manager

Springsource spring security

Virtual infrastructure client

Springsource spring framework

Vcenter update manager

Vcenter chargeback manager

Vcenter orchestrator

Vshield manager

Vcenter operations

Vcenter server appliance

Vcloud director

Vcloud networking and security

Vcloud automation center

Vsphere data protection

Horizon view client

Vrealize orchestrator

Vrealize business

Vrealize automation

Vcloud automation identity appliance

Vrealize log insight

Vcloud networking and security edge

Workstation player

Workstation pro

Identity manger

Vrealize operations

Unified access gateway

Intelligent hub

Workspace one boxer

Workspace one content

Workspace one intelligent hub

Workspace one notebook

Workspace one people

Workspace one piv-d manager

Workspace one sdk

Workspace one sdk \(objective-c\)

Workspace one web

Spring cloud config

Tanzu application service for vms

Cloud foundation

Zobacz wszystkie produkty dla producenta Vmware

Copyright 2024, cxsecurity.com