Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware tools vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1056
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" serv...
Vmware Workstation 5.5.3 Build 34685
5.4
CVSSv3
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
7.2
CVSSv3
CVE-2020-24045
A sandbox escape issue exists in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest vi...
Titanhq Spamtitan 7.07
NA
CVE-2010-2189
Adobe Flash Player prior to 9.0.277.0 and 10.x prior to 10.1.53.64, and Adobe AIR prior to 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows malicious users to cause a denial of service (memory corruption) or possibly execute arbitrary code via ...
Adobe Flash Player 9.0.152.0
Adobe Flash Player 9.0.151.0
Adobe Flash Player 9.0.31
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.246.0
Adobe Flash Player 9.0.159.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28
Adobe Flash Player 9.0.260.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.16
Adobe Flash Player 9.0.262.0
Adobe Flash Player 9.0.125.0
Adobe Flash Player 9.0.124.0
Adobe Flash Player 9.0.20.0
Adobe Flash Player 9.0.20
Adobe Flash Player 10.0.0.584
Adobe Flash Player 10.0.12.10
Adobe Flash Player 10.0.42.34
8.8
CVSSv3
CVE-2017-3823
An issue exists in the Cisco WebEx Extension prior to 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container prior to 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin prior to 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX ...
Cisco Activetouch General Plugin Container 105
Cisco Webex
Cisco Download Manager 2.1.0.9
Cisco Gpccontainer Class
Cisco Webex Meetings Server 2.0 Mr7
Cisco Webex Meetings Server 2.0 Mr8
Cisco Webex Meetings Server 2.5 Mr1
Cisco Webex Meetings Server 2.5 Mr2
Cisco Webex Meetings Server 2.5 Mr6
Cisco Webex Meetings Server 2.6 Mr3
Cisco Webex Meetings Server 2.7 Base
Cisco Webex Meetings Server 2.0 Base
Cisco Webex Meetings Server 2.0 Mr2
Cisco Webex Meetings Server 2.0 Mr9
Cisco Webex Meetings Server 2.5 Mr3
Cisco Webex Meetings Server 2.6 Base
Cisco Webex Meetings Server 2.6 Mr1
Cisco Webex Meetings Server 2.7 Mr1
Cisco Webex Meetings Server 2.0 Mr5
Cisco Webex Meetings Server 2.0 Mr6
Cisco Webex Meetings Server 2.5 Base
Cisco Webex Meetings Server 2.5 Mr5
2 Articles
5.5
CVSSv3
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows malicious users to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Linux Linux Kernel 5.15
Linux Linux Kernel
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux For Real Time 8
Redhat Enterprise Linux For Real Time For Nfv 8
Redhat Codeready Linux Builder For Power Little Endian 8.0
Redhat Codeready Linux Builder 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.6
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.6
Redhat Enterprise Linux For Ibm Z Systems Eus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Codeready Linux Builder For Power Little Endian Eus 8.6
Redhat Codeready Linux Builder Eus 8.6
Redhat Enterprise Linux For Real Time 8.6
Redhat Enterprise Linux Server Eus 8.6
Redhat Enterprise Linux For Power Little Endian Eus 8.6
7.5
CVSSv3
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Fasterxml Jackson-databind
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Fedoraproject Fedora 32
Quarkus Quarkus
Apache Iotdb
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Platform 2.6.2
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Sd-wan Edge 9.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Services Gatekeeper 7.0
Oracle Banking Platform 2.7.0
1 Github repository
1 Article
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1179 Github repositories
28 Articles
5.6
CVSSv3
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308
Intel Atom C C2316
Intel Atom C C2338
Intel Atom C C2350
Intel Atom C C2358
Intel Atom C C2508
Intel Atom C C2516
Intel Atom C C2518
Intel Atom C C2530
Intel Atom C C2538
Intel Atom C C2550
Intel Atom C C2558
Intel Atom C C2718
Intel Atom C C2730
Intel Atom C C2738
Intel Atom C C2750
Intel Atom C C2758
Intel Atom C C3308
Intel Atom C C3338
Intel Atom C C3508
Intel Atom C C3538
Intel Atom C C3558
1 EDB exploit
49 Github repositories
9 Articles
NA
CVE-2023-39848
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
69 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5