Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote malicious users to execute arbitrary code via the RMI protocol.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.0
Vmware Vcenter Server 5.1
1 EDB exploit
1 Github repository
1 Article
NA
CVE-2010-0686
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote malicious users to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
Vmware Virtualcenter 2.0.2
Vmware Virtualcenter 2.5
Vmware Server 2.0.0
Vmware Esx Server 3.5
Vmware Esx Server 3.0.3
NA
CVE-2010-1137
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote malicious users to inject arbitrary web script or HTML via the name of a virtual machine.
Vmware Virtualcenter 2.0.2
Vmware Virtualcenter 2.5
Vmware Server 1.0
Vmware Esx Server 3.0.3
Vmware Esx Server 3.5
NA
CVE-2013-1659
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 prior to 5.1.0b; VMware ESXi 3.5 up to and including 5.1; and VMware ESX 3.5 up to and including 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle malicious u...
Vmware Vcenter Server 4.0
Vmware Vcenter Server Appliance 5.1.0a
Vmware Vcenter Server Appliance 5.1
Vmware Vcenter Server 5.0
Vmware Esxi 5.1
Vmware Esxi 5.0
Vmware Esxi 4.0
Vmware Esxi 4.1
Vmware Esxi 3.5
5.3
CVSSv3
CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Vmware Cloud Foundation
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
NA
CVE-2008-2100
Multiple buffer overflows in VIX API 1.1.x prior to 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 up to and including 3.5 allow guest OS users to execute ...
Vmware Esx Server 3.5
Vmware Esxi 3.5
Vmware Fusion
Vmware Player
Vmware Esx 2.5.4
Vmware Esx 3.0.0
Vmware Esx 3.0.1
Vmware Esx 3.0.2
Vmware Ace
Vmware Server
Vmware Workstation
Vmware Esx Server 3.0
Vmware Esx 2.5.5
Vmware Esx 3.5
7.5
CVSSv3
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
9.8
CVSSv3
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Serv...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
1 Github repository
1 Article
7.5
CVSSv3
CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
5.3
CVSSv3
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
Vmware Cloud Foundation
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »