Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-1137
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote malicious users to inject arbitrary web script or HTML via the name of a virtual machine.
Vmware Virtualcenter 2.0.2
Vmware Virtualcenter 2.5
Vmware Server 1.0
Vmware Esx Server 3.0.3
Vmware Esx Server 3.5
NA
CVE-2010-0686
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote malicious users to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
Vmware Virtualcenter 2.0.2
Vmware Virtualcenter 2.5
Vmware Server 2.0.0
Vmware Esx Server 3.5
Vmware Esx Server 3.0.3
NA
CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote malicious users to execute arbitrary code via the RMI protocol.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.0
Vmware Vcenter Server 5.1
1 EDB exploit
1 Github repository
1 Article
NA
CVE-2013-1659
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 prior to 5.1.0b; VMware ESXi 3.5 up to and including 5.1; and VMware ESX 3.5 up to and including 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle malicious u...
Vmware Vcenter Server 4.0
Vmware Vcenter Server Appliance 5.1.0a
Vmware Vcenter Server Appliance 5.1
Vmware Vcenter Server 5.0
Vmware Esxi 5.1
Vmware Esxi 5.0
Vmware Esxi 4.0
Vmware Esxi 4.1
Vmware Esxi 3.5
5.3
CVSSv3
CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Vmware Cloud Foundation
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
NA
CVE-2008-2100
Multiple buffer overflows in VIX API 1.1.x prior to 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 up to and including 3.5 allow guest OS users to execute ...
Vmware Esx Server 3.5
Vmware Esxi 3.5
Vmware Fusion
Vmware Player
Vmware Esx 2.5.4
Vmware Esx 3.0.0
Vmware Esx 3.0.1
Vmware Esx 3.0.2
Vmware Ace
Vmware Server
Vmware Workstation
Vmware Esx Server 3.0
Vmware Esx 2.5.5
Vmware Esx 3.5
5.5
CVSSv3
CVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext password...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
1 Article
6.5
CVSSv3
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create ...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
7.5
CVSSv3
CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
5.3
CVSSv3
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
Vmware Cloud Foundation
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »