10 matches found
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2009-0778
CVE-2009-0778 affects the Linux kernel prior to 2.6.25 when configured as a router with a REJECT route. The icmp_send code in net/ipv4/icmp.c can mishandle the Protocol Independent Destination (DST) cache, potentially leaking DST state and allowing remote attackers to cause a denial of service (c...
CVE-2010-1137
CVE-2010-1137 describes a cross-site scripting (XSS) vulnerability in VMware WebAccess/VMware Console components. Affected products include VMware VirtualCenter 2.0.2 and 2.5, VMware ESX 3.0.3 and 3.5, and VMware Server 1.0; the issue arises from injecting arbitrary web script or HTML via the nam...
CVE-2008-4278
VMware CVE-2008-4278 affects VMware VirtualCenter 2.5 prior to Update 3 (build 119838). The issue allows a displayed password in cleartext for certain characters, enabling a local attacker with access to the UI to capture the password. VMware’s advisory VMSA-2008-0016 confirms the vulnerability a...
CVE-2013-1405
CVE-2013-1405 affects multiple VMware products (vCenter Server, VirtualCenter, vSphere Client, VI-Client, ESXi/ESX 3.5–4.1). A flaw in the management authentication protocol allows remote servers to trigger code execution or memory corruption via unspecified vectors. VMware’s VMSA-2013-0001 descr...
CVE-2010-0686
Summary: CVE-2010-0686 concerns VMware WebAccess in VMware VirtualCenter (2.0.2/2.5), VMware Server 2.0, and VMware ESX (3.0.3/3.5). The issue is a URL forwarding vulnerability where the WebAccess proxy functionality does not properly validate/limit inbound requests, allowing an attacker to spoof...
CVE-2009-2277
CVE-2009-2277 is a WebAccess cross-site scripting vulnerability in VMware infrastructure products (VirtualCenter 2.0.2/2.5 and ESX 3.0.3/3.5) that allows remote script/HTML injection via the context data mechanism. Attacks can be launched by enticing a user to request a malicious URL (e.g., throu...
CVE-2011-0426
CVE-2011-0426 corresponds to VMware vCenter Server and VirtualCenter directory traversal vulnerability that allows remote read of arbitrary files via unspecified vectors. Affected products/versions per advisories: vCenter Server 4.0 before Update 3, vCenter Server 4.1 before Update 1, and Virtual...
CVE-2006-5990
CVE-2006-5990 concerns VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425). When server certificate verification is enabled, the client does not verify the server’s X.509 certificate during SSL session creation, allowing remote malicious...
CVE-2008-3514
CVE-2008-3514 affects VMware VirtualCenter: versions 2.5 before Update 2 and 2.0.2 before Update 5 expose an information disclosure through client-side enabled/disabled functionality that can reveal usernames of system accounts. The root cause is a permission-control weakness in the GUI enabling ...