Esx Security Vulnerabilities and Issues — Esx CVE List

Lucene search

VmwareEsx

10 matches found

CVE•added 2009/03/25 1:30 a.m.•95 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9CVSS4.4AI score0.00801EPSS

CVE•added 2009/05/14 5:30 p.m.•89 views

CVE-2009-1630

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by f...

4.4CVSS4.7AI score0.00109EPSS

CVE•added 2014/01/17 9:55 p.m.•69 views

CVE-2014-1207

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.

4.3CVSS6.6AI score0.02957EPSS

CVE•added 2009/06/01 7:30 p.m.•63 views

CVE-2009-1805

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 1479...

4CVSS6.2AI score0.00083EPSS

CVE•added 2008/06/05 8:32 p.m.•62 views

CVE-2007-5671

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_N...

4.4CVSS6.8AI score0.00116EPSS

CVE•added 2013/09/04 3:24 a.m.•57 views

CVE-2013-1661

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.

4.3CVSS6.2AI score0.00364EPSS

CVE•added 2006/04/13 10:0 a.m.•48 views

CVE-2005-4773

The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.

4.9CVSS6.6AI score0.00047EPSS

CVE•added 2005/12/29 11:3 a.m.•44 views

CVE-2005-4583

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

4.3CVSS6.9AI score0.016EPSS

CVE•added 2013/12/23 3:42 p.m.•44 views

CVE-2013-5973

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

4.4CVSS6.2AI score0.00035EPSS

CVE•added 2009/02/03 7:30 p.m.•40 views

CVE-2008-4914

Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.

4.7CVSS6.4AI score0.00041EPSS