VMware

Vcenter Server Appliance

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2024-37081

  • EPSS 49.73%
  • Veröffentlicht 18.06.2024 06:15:11
  • Zuletzt bearbeitet 21.11.2024 09:23:09

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server A...

4.3

CVE-2014-8371

  • EPSS 0.13%
  • Veröffentlicht 08.12.2014 11:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM s...

4.3

CVE-2014-3797

  • EPSS 0.39%
  • Veröffentlicht 08.12.2014 11:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10

CVE-2014-7169

Warnung Exploit
  • EPSS 89.61%
  • Veröffentlicht 25.09.2014 01:55:04
  • Zuletzt bearbeitet 22.10.2025 01:16:04

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro...

10

CVE-2014-6271

Warnung Exploit
  • EPSS 94.22%
  • Veröffentlicht 24.09.2014 18:48:04
  • Zuletzt bearbeitet 22.10.2025 01:15:57

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman...

6.5

CVE-2014-4258

  • EPSS 0.8%
  • Veröffentlicht 17.07.2014 11:17:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

4.3

CVE-2014-4241

  • EPSS 0.91%
  • Veröffentlicht 17.07.2014 11:17:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

9

CVE-2014-3790

  • EPSS 0.5%
  • Veröffentlicht 01.06.2014 04:29:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.

9

CVE-2013-3079

  • EPSS 0.57%
  • Veröffentlicht 01.05.2013 12:00:14
  • Zuletzt bearbeitet 11.04.2025 00:51:21

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.

9

CVE-2013-3080

  • EPSS 1.2%
  • Veröffentlicht 01.05.2013 12:00:14
  • Zuletzt bearbeitet 11.04.2025 00:51:21

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Inte...