Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vsphere vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2016-7463
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
Vmware Esxi 5.5
Vmware Esxi 6.0
3.3
CVSSv2
CVE-2019-3874
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
Linux Linux Kernel
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Active Iq Unified Manager For Vmware Vsphere
Netapp Cn1610 Firmware -
3.3
CVSSv2
CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Ja...
Dell Emc Integrated Data Protection Appliance 2.0
Dell Emc Avamar 7.3.1
Dell Emc Avamar 7.4.1
Dell Emc Avamar 7.4.0
Dell Emc Avamar 7.3.0
Dell Emc Avamar 7.2.0
Dell Emc Avamar 7.2.1
Vmware Vsphere Data Protection 6.1.0
Vmware Vsphere Data Protection 6.0.3
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.0.5
Vmware Vsphere Data Protection 6.0.6
Vmware Vsphere Data Protection 6.0.7
Vmware Vsphere Data Protection 6.0.8
Vmware Vsphere Data Protection 6.1.4
Vmware Vsphere Data Protection 6.1.5
2.1
CVSSv2
CVE-2020-8575
Active IQ Unified Manager for VMware vSphere and Windows versions before 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
Netapp Active Iq Unified Manager
1.9
CVSSv2
CVE-2019-3901
A race condition in perf_event_open() allows local malicious users to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execv...
Linux Linux Kernel
Debian Debian Linux 8.0
Netapp Vasa Provider For Clustered Data Ontap
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Active Iq Unified Manager For Vmware Vsphere
Netapp Virtual Storage Console For Vmware Vsphere
Netapp Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere
Netapp Cn1610 Firmware -
NA
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be a...
Vmware Open Vm Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Vmware Tools
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
NA
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
Vmware Open Vm Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 before 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
Netapp Snapcenter Plug-in
NA
CVE-2023-36628
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
Purestorage Purity//fa
NA
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has ...
Vmware Tools
Vmware Open Vm Tools
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp Ontap Select Deploy Administration Utility -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »