5 matches found
CVE-2009-0778
CVE-2009-0778 affects the Linux kernel prior to 2.6.25 when configured as a router with a REJECT route. The icmp_send code in net/ipv4/icmp.c can mishandle the Protocol Independent Destination (DST) cache, potentially leaking DST state and allowing remote attackers to cause a denial of service (c...
CVE-2009-3731
CVE-2009-3731 describes multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help used by VMware products (e.g., vCenter/ESX/Server, Lab Manager, Stage Manager). The root cause is insufficient sanitization of inbound input in WebWorks Help output formats, enabling remote attackers to i...
CVE-2011-0426
CVE-2011-0426 corresponds to VMware vCenter Server and VirtualCenter directory traversal vulnerability that allows remote read of arbitrary files via unspecified vectors. Affected products/versions per advisories: vCenter Server 4.0 before Update 3, vCenter Server 4.1 before Update 1, and Virtual...
CVE-2011-1789
The CVE-2011-1789 entry describes an unsigned self-extracting installer in the vSphere Client Installer for VMware vCenter 4.0 (before Update 3) and 4.1 (before Update 1), as well as VMware ESXi 4.x (before 4.1 Update 1) and ESX 4.x (before 4.1 Update 1). The root cause is the lack of a digital s...
CVE-2011-1788
CVE-2011-1788 is discussed in VMware advisory VMSA-2011-0008 and related Nessus plugin; it covers SOAP session ID disclosure in vCenter Server as part of multiple VMware vulnerabilities. Connected documents also describe: (1) CVE-2011-0426 (directory traversal) affecting vCenter Server, VirtualCe...