CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2009-0518
https://notcve.org/view.php?id=CVE-2009-0518
06 Apr 2009 — VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. VI Client de VMware VirtualCenter en versiones anteriores a la v2.5 Update 4, VMware ESXi 3.5 en sus versiones anteriores a Update 4, and VMware ESX 3.5 en sus versiones anteriores a Update 4 retienen la contraseña de VirtualCenter Server en la memoria de proceso, lo que p... • http://lists.vmware.com/pipermail/security-announce/2009/000054.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4278
https://notcve.org/view.php?id=CVE-2008-4278
06 Oct 2008 — VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. VMware VirtualCenter 2.5 antes de la actualización 3 build 119838 sobre Windows muestra la contraseña de un usuario en texto sin formato cuando la contraseña contiene caracteres especiales no especificados, lo cual permite robar la contraseña a atacantes físicamente próximos. • http://marc.info/?l=bugtraq&m=122331139823057&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2008-3514
https://notcve.org/view.php?id=CVE-2008-3514
13 Aug 2008 — VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." VirtualCenter de VMware versión 2.5 anterior a Update 2 y versión 2.0.2 anterior a Update 5, se basa en la función "enabled/disabled functionality" para el control de acceso, lo que permite a los ata... • http://secunia.com/advisories/31468 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5990
https://notcve.org/view.php?id=CVE-2006-5990
21 Nov 2006 — VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. El cliente VMWare VirtualCenter 2.x anterior a 2.0.1 Patch 1 (Build 33463) y 1.4.x anterior a 1.4.1 Patch 1 (Build 33425), cuando la verificación de certificados de servidor está h... • http://kb.vmware.com/kb/4646606 • CWE-20: Improper Input Validation •