
CVE-2017-4947 – VMware Security Advisory 2018-0006
https://notcve.org/view.php?id=CVE-2017-4947
26 Jan 2018 — VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. • http://www.securityfocus.com/bid/102852 • CWE-502: Deserialization of Untrusted Data •

CVE-2017-4914 – VMware vSphere Data Protection 5.x/6.x - Java Deserialization
https://notcve.org/view.php?id=CVE-2017-4914
07 Jun 2017 — VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. • https://packetstorm.news/files/id/142901 • CWE-502: Deserialization of Untrusted Data •

CVE-2017-4917
https://notcve.org/view.php?id=CVE-2017-4917
07 Jun 2017 — VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. • http://www.securityfocus.com/bid/98936 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2016-7456 – VMware VDP Known SSH Key
https://notcve.org/view.php?id=CVE-2016-7456
29 Dec 2016 — VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a kn... • https://packetstorm.news/files/id/143883 • CWE-255: Credentials Management Errors •

CVE-2016-7458 – VMware Security Advisory 2016-0022
https://notcve.org/view.php?id=CVE-2016-7458
24 Nov 2016 — VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • http://www.securityfocus.com/bid/94483 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2014-4632 – VMware Security Advisory 2015-0002
https://notcve.org/view.php?id=CVE-2014-4632
30 Jan 2015 — VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. • http://archives.neohapsis.com/archives/bugtraq/2015-01/0154.html • CWE-310: Cryptographic Issues •

CVE-2014-1209 – VMware Security Advisory 2014-0003
https://notcve.org/view.php?id=CVE-2014-1209
11 Apr 2014 — VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-20: Improper Input Validation •

CVE-2014-1210 – VMware Security Advisory 2014-0003
https://notcve.org/view.php?id=CVE-2014-1210
11 Apr 2014 — VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. VMware vSphere Client updates address security vulnerabilities. • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-310: Cryptographic Issues •

CVE-2013-1405
https://notcve.org/view.php?id=CVE-2013-1405
15 Feb 2013 — VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allows remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. • http://www.vmware.com/security/advisories/VMSA-2013-0001.html • CWE-287: Improper Authentication •

CVE-2012-1512
https://notcve.org/view.php?id=CVE-2012-1512
16 Mar 2012 — Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. • http://osvdb.org/80119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •