Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vmware server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-20894
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
Vmware Vcenter Server 7.0
Vmware Vcenter Server 8.0
Vmware Vcenter Server
9.8
CVSSv3
CVE-2023-20895
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
Vmware Vcenter Server 7.0
Vmware Vcenter Server 8.0
Vmware Vcenter Server
NA
CVE-2007-5618
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x prior to 1.0.5 and 2.0 prior to 2.0.1, VMware Server prior to 1.0.4, and Workstation 5.x prior to 5.5.5 and 6.x prior to 6.0.1 might allow local users to gain privileges via ...
Vmware Workstation
Vmware Player
Vmware Server
NA
CVE-2009-2277
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote malicious users to inject arbitrary web script or HTML via vectors related to "context data."
Vmware Virtualcenter 2.5
Vmware Esx Server 3.0.3
Vmware Esx Server 3.5
Vmware Virtualcenter 2.0.2
7.7
CVSSv3
CVE-2016-7459
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity refer...
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.0
9.8
CVSSv3
CVE-2021-22049
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Serv...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
6.1
CVSSv3
CVE-2015-6931
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Vmware Vcenter Server 5.1
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.0
7.7
CVSSv3
CVE-2019-5532
VMware vCenter Server (6.7.x before 6.7 U3, 6.5 before 6.5 U3 and 6.0 before 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containi...
Vmware Vcenter Server 6.0
Vmware Vcenter Server 6.7
Vmware Vcenter Server 6.5
NA
CVE-2015-1047
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote malicious users to cause a denial of service via a long heartbeat message.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.0
Vmware Vcenter Server 5.1
9
CVSSv3
CVE-2017-4919
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »