VMware vCenter Server
22 CVEs affecting VMware vCenter Server. Latest disclosed: 2017-12-20. Critical: 2, High: 6.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-4923 | Critical | 9.8 | 2017-08-01 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when us… |
| CVE-2017-4919 | Critical | 9.0 | 2017-07-28 | VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without… |
| CVE-2017-4921 | High | 8.8 | 2017-08-01 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe mann… |
| CVE-2017-4943 | High | 7.8 | 2017-12-20 | VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitati… |
| CVE-2016-7459 | High | 7.7 | 2016-12-29 | VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch… |
| CVE-2016-2076 | High | 7.6 | 2016-04-15 | Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appli… |
| CVE-2017-4928 | High | 7.5 | 2017-11-17 | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injectio… |
| CVE-2017-4927 | High | 7.5 | 2017-11-17 | VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remot… |
| CVE-2017-4922 | Medium | 6.5 | 2017-08-01 | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temp… |
| CVE-2016-5331 | Medium | 6.1 | 2016-08-08 | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP resp… |
| CVE-2015-6931 | Medium | 6.1 | 2016-07-03 | Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote at… |
| CVE-2016-2078 | Medium | 6.1 | 2016-06-08 | Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Wind… |
| CVE-2017-4926 | Medium | 5.4 | 2017-09-15 | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges… |
| CVE-2015-2342 | | | 2015-10-12 | The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which a… |
| CVE-2015-1047 | | | 2015-10-12 | vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat messag… |
| CVE-2015-6932 | | | 2015-09-18 | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spo… |
| CVE-2014-4241 | | | 2014-07-17 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity… |
| CVE-2013-5971 | | | 2013-10-21 | Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and… |
| CVE-2013-1659 | | | 2013-02-22 | VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not prop… |
| CVE-2012-6326 | | | 2013-02-22 | VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk con… |