Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vcenter server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-28972
In SaltStack Salt prior to 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
4.3
CVSSv2
CVE-2019-5537
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 prior to 6.7u3a and 6.5 prior to 6.5u3d) may allow a malicious actor to intercept sensitive d...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
4.3
CVSSv2
CVE-2019-5538
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 prior to 6.7u3a and 6.5 prior to 6.5u3d) may allow a malicious actor to intercept sensitive d...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
4.3
CVSSv2
CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vmware Vcenter Server
Vmware Esxi 6.0
4.3
CVSSv2
CVE-2015-6931
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Vmware Vcenter Server 5.1
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.0
4.3
CVSSv2
CVE-2016-2078
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote malicious users to inject arbitrary web script or HTML via the flashvars parameter.
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.1
Vmware Vcenter Server 5.0
4.3
CVSSv2
CVE-2014-4632
VMware vSphere Data Protection (VDP) 5.1, 5.5 prior to 5.5.9, and 5.8 prior to 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-t...
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.1
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.1
Vmware Vsphere Data Protection 5.8.0
4.3
CVSSv2
CVE-2014-8371
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle malicious users to spoof CIM servers via a crafted cer...
Vmware Vcenter Server Appliance 5.1
Vmware Vcenter Server Appliance 5.0
Vmware Vcenter Server Appliance 5.5
4.3
CVSSv2
CVE-2014-3797
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vmware Vcenter Server Appliance 5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »