Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

vmware infrastructure 3 vulnerabilities and exploits

(subscribe to this query)
935
VMScore
CVE-2011-2217
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly ha...
Tomsawyer Get Extension Factory 5.5.2.237Vmware Virtual Infrastructure Client 2.0.2Vmware Virtual Infrastructure Client 2.5Vmware Infrastructure 3
320
VMScore
CVE-2006-3589
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Vmware Esx 2.1.1Vmware Esx 2.1.2Vmware Esx 2.1Vmware Server 1.0.1 Build 29996Vmware Workstation 5.5.3Vmware Esx 2.0.1Vmware Infrastructure 3Vmware PlayerVmware Esx 2.0Vmware Esx 2.5Vmware Esx 2.5.2
672
VMScore
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack SaltOpensuse Leap 15.1Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 16.04Vmware Application Remote Collector 8.0.0Vmware Application Remote Collector 7.5.0
360
VMScore
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack SaltOpensuse Leap 15.1Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 16.04Blackberry Workspaces Server 9.1.0Blackberry Workspaces ServerVmware Application Remote Collector 8.0.0Vmware Application Remote Collector 7.5.0
543
VMScore
CVE-2019-1594
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication P...
Cisco Nx-os
739
VMScore
CVE-2020-3172
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent malicious user to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability ...
Cisco Firepower Extensible Operating SystemCisco Ucs ManagerCisco Nx-os -Cisco Nx-os 5.2\\(1\\)sv5\\(1.2\\)Cisco Nx-os 7.3\\(5\\)n1\\(1\\)Cisco Nx-os 7.3\\(0\\)d1\\(0.140\\)Cisco Nx-os 7.3\\(0\\)d1\\(0.146\\)Cisco Nx-os 7.0\\(3\\)i3\\(0.191\\)Cisco Nx-os 13.2\\(7.230\\)Cisco Nx-os 14.2\\(1i\\)
512
VMScore
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
Apache Log4j 2.0Apache Log4jIntel Oneapi -Intel Audio Development Kit -Intel Datacenter Manager -Intel System Debugger -Intel Secure Device Onboard -Intel Sensor Solution Firmware Development Kit -Intel Computer Vision Annotation Tool -Intel Genomics Kernel Library -Intel System Studio -Siemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0Apache Log4jSiemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85Siemens Sipass Integrated 2.80Siemens Head-end System Universal Device Integration SystemSiemens Gma-managerSiemens Energyip 8.5Siemens Energyip 8.6Siemens Energyip 8.7Siemens Energyip 9.0Siemens Energy Engage 3.1Siemens E-car Operation Center
445
VMScore
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
419
VMScore
CVE-2018-3640
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Var...
Intel Pentium J J4205Intel Celeron N N3450Intel Atom Z Z2560Intel Atom Z Z2580Intel Atom Z Z3590Intel Atom Z Z3735dIntel Atom Z Z3740dIntel Atom Z Z3745Intel Atom Z Z3795Intel Atom Z Z2420Intel Atom C C3338Intel Atom C C3508Intel Atom C C3830Intel Atom C C3850Intel Xeon Silver 4110Intel Xeon Silver 4112Intel Xeon Platinum 8160Intel Xeon Platinum 8160fIntel Xeon Platinum 8176Intel Xeon Platinum 8176fIntel Xeon Gold 85120Intel Pentium Silver J5005
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook