Refine your search
4 vulnerabilities found for VMware ESXi by VMware
jvndb-2015-000007
Vulnerability from jvndb
Published
2015-01-29 13:52
Modified
2015-02-16 15:34
Summary
Arbitrary files may be overwritten in multiple VMware products
Details
Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
"dc:date": "2015-02-16T15:34+09:00",
"dcterms:issued": "2015-01-29T13:52+09:00",
"dcterms:modified": "2015-02-16T15:34+09:00",
"description": "Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000007.html",
"sec:cpe": [
{
"#text": "cpe:/a:vmware:fusion",
"@product": "VMware Fusion",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:player",
"@product": "VMware Player",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/a:vmware:workstation",
"@product": "VMware Workstation",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000007",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88252465/index.html",
"@id": "JVN#88252465",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370",
"@id": "CVE-2014-8370",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8370",
"@id": "CVE-2014-8370",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Arbitrary files may be overwritten in multiple VMware products"
}
jvndb-2013-000123
Vulnerability from jvndb
Published
2013-12-24 15:02
Modified
2013-12-25 14:01
Summary
VMware ESX and ESXi may allow access to arbitrary files
Details
VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html",
"dc:date": "2013-12-25T14:01+09:00",
"dcterms:issued": "2013-12-24T15:02+09:00",
"dcterms:modified": "2013-12-25T14:01+09:00",
"description": "VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000123",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13154935/index.html",
"@id": "JVN#13154935",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973",
"@id": "CVE-2013-5973",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5973",
"@id": "CVE-2013-5973",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VMware ESX and ESXi may allow access to arbitrary files"
}
jvndb-2013-000085
Vulnerability from jvndb
Published
2013-09-06 14:03
Modified
2013-09-11 14:06
Summary
VMware ESX and ESXi vulnerable to buffer overflow
Details
VMware ESX and ESXi contains a buffer overflow vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000085.html",
"dc:date": "2013-09-11T14:06+09:00",
"dcterms:issued": "2013-09-06T14:03+09:00",
"dcterms:modified": "2013-09-11T14:06+09:00",
"description": "VMware ESX and ESXi contains a buffer overflow vulnerability.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000085.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000085",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN19847770/index.html",
"@id": "JVN#19847770",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3657",
"@id": "CVE-2013-3657",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3657",
"@id": "CVE-2013-3657",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.html",
"@id": "Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/",
"@id": "ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "VMware ESX and ESXi vulnerable to buffer overflow"
}
jvndb-2013-000084
Vulnerability from jvndb
Published
2013-09-06 13:59
Modified
2013-09-11 13:59
Summary
VMware ESX and ESXi vulnerable to directory traversal
Details
VMware ESX and ESXi contains a directory traversal vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000084.html",
"dc:date": "2013-09-11T13:59+09:00",
"dcterms:issued": "2013-09-06T13:59+09:00",
"dcterms:modified": "2013-09-11T13:59+09:00",
"description": "VMware ESX and ESXi contains a directory traversal vulnerability.\r\n\r\nShanon Olsson reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000084.html",
"sec:cpe": [
{
"#text": "cpe:/o:vmware:esx",
"@product": "VMware ESX",
"@vendor": "VMware",
"@version": "2.2"
},
{
"#text": "cpe:/o:vmware:esxi",
"@product": "VMware ESXi",
"@vendor": "VMware",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000084",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN72911629/index.html",
"@id": "JVN#72911629",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3658",
"@id": "CVE-2013-3658",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3658",
"@id": "CVE-2013-3658",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20130906-jvn.html",
"@id": "Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://blog.shanonolsson.com/blog/2013/08/24/esxi-cim-services-authentication-bypass-and-remote-code-execution-vulnerabilities/",
"@id": "ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "VMware ESX and ESXi vulnerable to directory traversal"
}