Server Security Vulnerabilities and Issues — Server CVE List

Lucene search

VmwareServer

8 matches found

CVE•added 2009/03/25 1:30 a.m.•95 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9CVSS4.4AI score0.00801EPSS

CVE•added 2010/04/01 7:30 p.m.•72 views

CVE-2010-1137

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

4.3CVSS6AI score0.00966EPSS

CVE•added 2009/06/01 7:30 p.m.•63 views

CVE-2009-1805

Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 1479...

4CVSS6.2AI score0.00083EPSS

CVE•added 2008/06/05 8:32 p.m.•62 views

CVE-2007-5671

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_N...

4.4CVSS6.8AI score0.00116EPSS

CVE•added 2009/04/06 3:30 p.m.•51 views

CVE-2009-1146

Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknow...

4.9CVSS6AI score0.00184EPSS

CVE•added 2006/06/02 10:18 a.m.•50 views

CVE-2006-2662

VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.

4.6CVSS6.4AI score0.00071EPSS

CVE•added 2009/12/16 6:30 p.m.•45 views

CVE-2009-3731

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks ...

4.3CVSS5.6AI score0.02195EPSS

CVE•added 2010/04/01 7:30 p.m.•42 views

CVE-2010-1193

Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.

4.3CVSS5.5AI score0.00365EPSS