Filtered by vendor Vmware
Subscriptions
Total
955 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2025-04-09 | 7.8 High |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more | 2025-04-09 | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | ||||
| CVE-2009-2968 | 1 Vmware | 1 Studio | 2025-04-09 | N/A |
| Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. | ||||
| CVE-2009-3080 | 7 Canonical, Debian, Linux and 4 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2025-04-09 | N/A |
| Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||||
| CVE-2009-3707 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | N/A |
| VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3733 | 2 Linux, Vmware | 4 Linux Kernel, Esx, Esxi and 1 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | ||||
| CVE-2009-3547 | 8 Canonical, Fedoraproject, Linux and 5 more | 17 Ubuntu Linux, Fedora, Linux Kernel and 14 more | 2025-04-09 | 7.0 High |
| Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | ||||
| CVE-2009-3731 | 3 Microsoft, Vmware, Webworks | 11 Windows, Esx Server, Lab Manager and 8 more | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. | ||||
| CVE-2003-1291 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables. | ||||
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2025-04-03 | N/A |
| Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | ||||
| CVE-2005-3619 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. | ||||
| CVE-2005-3618 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks. | ||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | ||||
| CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2025-04-03 | N/A |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
| CVE-2005-4773 | 1 Vmware | 1 Esx | 2025-04-03 | N/A |
| The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console. | ||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2025-04-03 | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | ||||
| CVE-2000-0090 | 1 Vmware | 1 Workstation | 2025-04-03 | N/A |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. | ||||
| CVE-2006-3589 | 1 Vmware | 5 Esx, Infrastructure, Player and 2 more | 2025-04-03 | N/A |
| vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | ||||