CVE-2012-1666

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the...

CVE-2012-3289

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service guest OS crash via crafted traffic from a remote virtual device...

CVE-2013-1210

Array index error in the Virtual Ethernet Module VEM kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service ESXi crash and purple screen of death by sending crafted STUN packets to a VEM, aka Bug ID...

CVE-2013-5972

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors...

CVE-2013-3080

VMware vCenter Server Appliance vCSA 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface VAMI web-interface access...

CVE-2013-3079

VMware vCenter Server Appliance vCSA 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface VAMI access...

CVE-2013-3658

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors...

CVE-2013-1662

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsbrelease binary in a directory in the PATH, related to use of the popen library function...

CVE-2009-3281

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors...

PT-2025-22880 · Vmware · Vmware Avi Load Balancer

Name of the Vulnerable Software and Affected Versions: VMware Avi Load Balancer affected versions not specified Description: The issue is related to a lack of protection against SQL query structure exploitation in VMware Avi Load Balancer, allowing a remote attacker to gain unauthorized access to...

CVE-2007-5024

EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620...

CVE-2005-0444

VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code...

CVE-2007-5025

Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."...

CVE-2005-4773

The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service shutdown via the 1 halt, 2 poweroff, and 3 reboot scripts executed at the service console...

CVE-2009-3282

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors...

Vulnerabilities fixed in VMware Cloud Foundation

Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.4.0 through 6.4.5 that stems from not properly locating security annotations o...

Photon OS 4.0: Linux PHSA-2025-4.0-0801

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0801. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-41227

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-servi...

CVE-2025-41228

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...