Filtered by vendor Vmware
Subscriptions
Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6410 | 1 Vmware | 1 Workstation | 2025-04-09 | N/A |
| Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. | ||||
| CVE-2008-3761 | 1 Vmware | 1 Vmware Workstation | 2025-04-09 | N/A |
| hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | ||||
| CVE-2008-3892 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | N/A |
| Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696. | ||||
| CVE-2006-2481 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | ||||
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | ||||
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2025-04-03 | N/A |
| Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | ||||
| CVE-2003-0480 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." | ||||
| CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2025-04-03 | N/A |
| VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session. | ||||
| CVE-2003-1291 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables. | ||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | ||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | ||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | ||||
| CVE-2005-3620 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. | ||||
| CVE-2005-3619 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | ||||
| CVE-2005-4459 | 1 Vmware | 4 Ace, Gsx Server, Player and 1 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | ||||
| CVE-2005-4583 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS). | ||||
| CVE-2005-4773 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console. | ||||
| CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2025-04-03 | N/A |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2025-04-03 | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2025-04-03 | N/A |
| VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | ||||