CVE-2012-1510
https://notcve.org/view.php?id=CVE-2012-1510
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html http://osvdb.org/80117 http://secunia.com/advisories/48378 http://secunia.com/advisories/48379 http://www.securityfocus.com/bid/52524 http://www.securitytracker.com/id?1026814 http://www.securitytracker.com/id?1026818 http://www.vmware.com/security/advisories/VMSA-2012-0004.html http://www.vmware.com/security/advisories/VMSA-2012-0005.html https://exchange.xforce.ibmcloud.com/vulnerabilities/74097 https://oval.cisecu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1511
https://notcve.org/view.php?id=CVE-2012-1511
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html http://osvdb.org/80118 http://secunia.com/advisories/48379 http://www.securityfocus.com/bid/52526 http://www.securitytracker.com/id?1026814 http://www.vmware.com/security/advisories/VMSA-2012-0004.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16664 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1513
https://notcve.org/view.php?id=CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. • http://osvdb.org/80120 http://secunia.com/advisories/48408 http://www.securityfocus.com/bid/52525 http://www.securitytracker.com/id?1026816 http://www.vmware.com/security/advisories/VMSA-2012-0005.html https://exchange.xforce.ibmcloud.com/vulnerabilities/74091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1512
https://notcve.org/view.php?id=CVE-2012-1512
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. • http://osvdb.org/80119 http://secunia.com/advisories/48387 http://www.securityfocus.com/bid/52525 http://www.securitytracker.com/id?1026817 http://www.vmware.com/security/advisories/VMSA-2012-0005.html https://exchange.xforce.ibmcloud.com/vulnerabilities/74093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1472
https://notcve.org/view.php?id=CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. • http://www.vmware.com/security/advisories/VMSA-2012-0002.html • CWE-20: Improper Input Validation