27 matches found
Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]
Summary: Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-38812. DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...
Restore a deleted vCenter Server Appliance (VCSA) with High Availability (HA) enabled
Challenge: You need to restore a vCenter Server Appliance (VCSA) with the original name and to the original location. Before the VCSA got corrupted or was deleted, High Availability (HA) was enabled in the VMware cluster. If HA remains active at the ESXi host level during the restore process, HA can...
Privilege escalation
VMware vCenter Server Appliance (vCSA) 6.5 before 6.5 U1d contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low-privileged user gaining root-level privileges over the appliance base OS...
CVE-2017-4943
CVE-2017-4943 affects VMware vCenter Server Appliance (vCSA) 6.5 prior to 6.5 Update 1d (U1d). A local privilege-escalation via the 'showlog' plugin could allow a low-privileged user to gain root privileges on the appliance base OS. Public details in VMware’s VMSA-2017-0021 describe this issue an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8371
CVE-2014-8371 affects VMware vCenter Server and vCSA when connecting to an ESXi CIM server; root cause is improper certificate validation that enables MITM spoofing of CIM services. Affected versions: vCSA 5.5 before Update 2, vCenter Server 5.1 before Update 3, and 5.0 before Update 3c. Remediat...
VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability: VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwa...
VMware Security Updates for vCenter Server (VMSA-2014-0012)
VMware vCenter product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability: VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwar...
VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
VMSA-2014-0012.1 VMware vSphere product updates address security vulnerabilities. VMware Security Advisory. Advisory ID: VMSA-2014-0012.1. Synopsis: VMware vSphere product updates address security vulnerabilities. Issue date:...
CVE-2013-3079
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access...
CVE-2013-3080
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access...
Design/Logic Flaw
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access...
CVE-2013-3080
Summary (CVE-2013-3080): VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 contains a vulnerability in the Virtual Appliance Management Interface (VAMI). An authenticated remote attacker can upload files to an arbitrary location via VAMI, potentially overwriting files and enabling code ...
CVE-2013-3079
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 contains a remote authenticated code execution vulnerability in the Virtual Appliance Management Interface (VAMI). An authenticated attacker with VAMI access can run arbitrary programs with root privileges. The issue is addressed by VMwar...
CVE-2012-6326
CVE-2012-6326 affects VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCenter Server Appliance/vCSA 5.0 before Update 2, enabling unauthenticated remote users to trigger abnormally large log entries and cause a denial of service (disk consumption). Connected advisories conf...
VMware vCSA/ESXi multiple security vulnerabilities
Directory traversal, information leakage...
VMSA-2012-0018 VMware security updates for vCSA and ESXi
VMware Security Advisory. Advisory ID: VMSA-2012-0018. Synopsis: VMware security updates for vCSA and ESXi. Issue date: 2012-12-20. Updated on: 2012-12-20 (initial advisory). CVE numbers: vCSA: CVE-2012-6324, CVE-2012-6325...
VMSA-2012-0018: VMware security updates for vCSA and ESXi
The remote ESXi is missing one or more security-related updates from VMSA-2012-0018. Summary: VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities. Relevant releases: vCenter Server Appliance 5.1 prior to vCSA 5.1.0b; vCenter Server Appliance 5.0 prior...
VMSA-2012-0018 : VMware security updates for vCSA and ESXi
a. vCenter Server Appliance directory traversal: The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like ...