CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7458 – VMware Security Advisory 2016-0022
https://notcve.org/view.php?id=CVE-2016-7458
24 Nov 2016 — VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. VMware vSphere Client 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a vCenter Server remoto e instancias ESXi leer archivos arbitrarios a través de un documento XML que contiene una declaración de entid... • http://www.securityfocus.com/bid/94483 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1209 – VMware Security Advisory 2014-0003
https://notcve.org/view.php?id=CVE-2014-1209
11 Apr 2014 — VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. VMware vSphere Client 4.0, 4.1, 5.0 anterior a Update 3 y 5.1 anterior a Update 2 no valida debidamente actualizaciones a archivos de clientes, lo que permite a atacantes remotos provocar la descarga y ejecución de un programa arbitrario a través de vectores no e... • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1210 – VMware Security Advisory 2014-0003
https://notcve.org/view.php?id=CVE-2014-1210
11 Apr 2014 — VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. VMware vSphere Client 5.0 anterior a Update 3 y 5.1 anterior a Update 2 no valida debidamente certificados X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado manipulado. VMware vSphere Client updates address security vulnerabilities. • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2013-1405
https://notcve.org/view.php?id=CVE-2013-1405
15 Feb 2013 — VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente ... • http://www.vmware.com/security/advisories/VMSA-2013-0001.html • CWE-287: Improper Authentication •