Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vcenter server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Vmware Vcenter Server
Vmware Esxi 6.0
6.4
CVSSv2
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
Vmware Cloud Foundation
Vmware Vcenter Server 7.0
4.3
CVSSv2
CVE-2021-22016
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
4.3
CVSSv2
CVE-2012-5050
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) prior to 5.0.x allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vmware Vcenter Operations
Vmware Vcenter Operations 1.0.1
Vmware Vcenter Operations 1.0.0
2.1
CVSSv2
CVE-2011-1788
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
Vmware Vcenter 4.0
Vmware Vcenter 4.1
4
CVSSv2
CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading th...
Vmware Vcenter Orchestrator 4.0
Vmware Vcenter Orchestrator 4.1
4.3
CVSSv2
CVE-2011-0426
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote malicious users to read arbitrary files via unspecified vectors.
Vmware Vcenter 4.1
Vmware Vcenter 4.0
Vmware Virtualcenter 2.5
5
CVSSv2
CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a re...
Vmware Vcenter Update Manager 4.1
Vmware Vcenter Update Manager 4.0
1 EDB exploit
4.3
CVSSv2
CVE-2016-2078
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote malicious users to inject arbitrary web script or HTML via the flashvars parameter.
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.1
Vmware Vcenter Server 5.0
5
CVSSv2
CVE-2019-5492
Element Plug-in for vCenter Server versions before 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions before 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.
Netapp Hyper Converged Infrastructure Compute Node
Netapp Element Plug-in For Vcenter Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »