CVE-2012-6326
https://notcve.org/view.php?id=CVE-2012-6326
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
• http://www.vmware.com/security/advisories/VMSA-2012-0018.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1405
https://notcve.org/view.php?id=CVE-2013-1405
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allows remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
• http://www.vmware.com/security/advisories/VMSA-2013-0001.html
• CWE-287: Improper Authentication
CVE-2012-1513
https://notcve.org/view.php?id=CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
• http://osvdb.org/80120
• http://secunia.com/advisories/48408
• http://www.securityfocus.com/bid/52525
• http://www.securitytracker.com/id?1026816
• http://www.vmware.com/security/advisories/VMSA-2012-0005.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74091
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4404 – VMware - Update Manager Directory Traversal
https://notcve.org/view.php?id=CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. VMware Update Manager versions 4.1 prior to update 2 suffer from a directory traversal vulnerability.
• https://www.exploit-db.com/exploits/18138
• http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/handler/ResourceHandler.html
• http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/servlet/DefaultServlet.html
• http://www.securitytracker.com/id?1026341
• http://www.vmware.com/security/advisories/VMSA-2011-0014.html
• https://www.vmware.com/security/advisories/VMSA-2011-0014.html
• http://dsecrg.com/pages/vul/show.php?id=342
• CWE-16: Configuration
CVE-2011-1788
https://notcve.org/view.php?id=CVE-2011-1788
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
• http://lists.vmware.com/pipermail/security-announce/2011/000137.html
• http://osvdb.org/72179
• http://securitytracker.com/id?1025502
• http://www.securityfocus.com/bid/47742
• http://www.vmware.com/security/advisories/VMSA-2011-0008.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67304
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor