8 matches found
CVE-2008-2100
CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...
CVE-2010-1137
CVE-2010-1137 describes a cross-site scripting (XSS) vulnerability in VMware WebAccess/VMware Console components. Affected products include VMware VirtualCenter 2.0.2 and 2.5, VMware ESX 3.0.3 and 3.5, and VMware Server 1.0; the issue arises from injecting arbitrary web script or HTML via the nam...
CVE-2007-5671
CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to .\hgfs, enabling a guest user to modify kernel...
CVE-2008-0967
CVE-2008-0967 describes a local privilege escalation in vmware-authd due to an untrusted library search path. A local user can gain privileges by manipulating a library path option in a configuration file. Affected products include VMware Workstation 5.x (before 5.5.7 build 91707), VMware Worksta...
CVE-2009-3731
CVE-2009-3731 describes multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help used by VMware products (e.g., vCenter/ESX/Server, Lab Manager, Stage Manager). The root cause is insufficient sanitization of inbound input in WebWorks Help output formats, enabling remote attackers to i...
CVE-2010-0686
Summary: CVE-2010-0686 concerns VMware WebAccess in VMware VirtualCenter (2.0.2/2.5), VMware Server 2.0, and VMware ESX (3.0.3/3.5). The issue is a URL forwarding vulnerability where the WebAccess proxy functionality does not properly validate/limit inbound requests, allowing an attacker to spoof...
CVE-2009-2277
CVE-2009-2277 is a WebAccess cross-site scripting vulnerability in VMware infrastructure products (VirtualCenter 2.0.2/2.5 and ESX 3.0.3/3.5) that allows remote script/HTML injection via the context data mechanism. Attacks can be launched by enticing a user to request a malicious URL (e.g., throu...
CVE-2007-1270
CVE-2007-1270 involves a double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1. The root cause is a double free in a component that can lead to a crash (DoS), potential information leak, and possibly arbitrary code execution via unspecified vectors. Exploitation details are not provided ...