CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2076 – VMware Security Advisory 2016-0004
https://notcve.org/view.php?id=CVE-2016-2076
15 Apr 2016 — Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. Client Integration Plugin (CIP) en VMware vCenter Server 5.5 U3a, U3b y U3c y 6.0 en versiones anteriores a U2; vCloud Director 5.5.5; y vRealize Automation Identity Appliance 6.2.4 en versiones anteriores a 6.2.4.1 no maneja ... • http://www.securitytracker.com/id/1035570 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3797 – VMware Security Advisory 2014-0012
https://notcve.org/view.php?id=CVE-2014-3797
05 Dec 2014 — Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en VMware vCenter Server Appliance (vCSA) 5.1 anterior a Update 3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and securit... • http://seclists.org/fulldisclosure/2014/Dec/23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2014-8371 – VMware Security Advisory 2014-0012
https://notcve.org/view.php?id=CVE-2014-8371
05 Dec 2014 — VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. VMware vCenter Server Appliance (vCSA) 5.5 anterior a Update 2, 5.1 anterior a Update 3, y 5.0 anterior a Update 3c no valida correctamente los certificados cuando conecta a un servidor CIM en un anfitrión ESXi, lo que permite a... • http://seclists.org/fulldisclosure/2014/Dec/23 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-4241
https://notcve.org/view.php?id=CVE-2014-4241
17 Jul 2014 — Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la integridad a través de vectores relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. Multiple sec... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3790 – VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-3790
30 May 2014 — Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Ruby vSphere Console (RVC) en VMware vCenter Server Appliance permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root mediante la evasión de una jaula chroot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit... • http://secunia.com/advisories/58823 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3079
https://notcve.org/view.php?id=CVE-2013-3079
01 May 2013 — VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados ejecutar programas arbitrarios con privilegios de root mediante el aprovechamiento de la interfaz de administración Virtual Appliance (VAMI) de acceso. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2013-3080
https://notcve.org/view.php?id=CVE-2013-3080
01 May 2013 — VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados crear o sobreescribir archivos arbitrarios, y por lo tanto ejecutar código arbitrario o causar una denegación de servicio, a... • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-264: Permissions, Privileges, and Access Controls •