VMware

Vcenter

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2025-41250

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 29.09.2025 18:15:31
  • Zuletzt bearbeitet 29.09.2025 19:34:10

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

4.4

CVE-2025-41241

  • EPSS 0.07%
  • Veröffentlicht 29.07.2025 12:25:55
  • Zuletzt bearbeitet 29.07.2025 14:14:29

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service conditio...

5.3

CVE-2024-37087

Warnung
  • EPSS 0.31%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 27.06.2025 13:39:54

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

7.2

CVE-2024-22274

  • EPSS 61.45%
  • Veröffentlicht 21.05.2024 18:15:09
  • Zuletzt bearbeitet 27.06.2025 13:37:52

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

4.9

CVE-2024-22275

  • EPSS 7.25%
  • Veröffentlicht 21.05.2024 18:15:09
  • Zuletzt bearbeitet 27.06.2025 13:38:06

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

2.1

CVE-2011-1788

  • EPSS 0.06%
  • Veröffentlicht 09.05.2011 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

5

CVE-2011-1789

  • EPSS 0.36%
  • Veröffentlicht 09.05.2011 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which ...

4.3

CVE-2011-0426

  • EPSS 0.13%
  • Veröffentlicht 09.05.2011 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

4.3

CVE-2009-3731

  • EPSS 2.2%
  • Veröffentlicht 16.12.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1;...

7.1

CVE-2009-0778

Exploit
  • EPSS 1.65%
  • Veröffentlicht 12.03.2009 15:20:49
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a...