Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2012-03-16 |
| Product | View | Last view | 2013-02-11 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2013-02-11 | CVE-2013-1406 | The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. |
| 5 | 2012-12-19 | CVE-2012-5978 | Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. |
| 6.9 | 2012-09-08 | CVE-2012-1666 | Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. |
| 4.3 | 2012-03-16 | CVE-2012-1511 | Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 7.2 | 2012-03-16 | CVE-2012-1510 | Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. |
| 7.2 | 2012-03-16 | CVE-2012-1509 | Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. |
| 7.2 | 2012-03-16 | CVE-2012-1508 | The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 16% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:20594 | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client,... |
| oval:org.mitre.oval:def:17183 | VMware Tools Display Driver Privilege Escalation |
| oval:org.mitre.oval:def:20278 | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client,... |
| oval:org.mitre.oval:def:17151 | VMware Tools Display Driver Privilege Escalation |
| oval:org.mitre.oval:def:20252 | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client,... |
| oval:org.mitre.oval:def:17258 | VMware Tools Display Driver Privilege Escalation |
| oval:org.mitre.oval:def:16664 | View Manager Portal Cross-site Scripting |
| oval:org.mitre.oval:def:17049 | VMware View releases address a critical directory traversal vulnerability in ... |
| oval:org.mitre.oval:def:20352 | VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerabi... |
| oval:org.mitre.oval:def:17164 | VMware Workstation, View address a vulnerability in the VMCI.SYS driver which... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-03-16 | Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... File : nvt/gb_VMSA-2012-0005.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-A-0045 | VMWare ESX 4.0 and ESXi 4.0 Display Driver Buffer Overflow Vulnerability Severity: Category I - VMSKEY: V0031898 |
| 2012-A-0046 | VMWare ESX 4.1 and ESXi 4.1 Display Driver Buffer Overflow Vulnerabilities Severity: Category I - VMSKEY: V0031899 |
| 2012-A-0049 | Multiple Vulnerabilities in VMware View Severity: Category I - VMSKEY: V0031902 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0002_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2012-0005_remote.nasl - Type: ACT_GATHER_INFO |
| 2013-11-13 | Name: The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File: vmware_esxi_5_0_build_912577_remote.nasl - Type: ACT_GATHER_INFO |
| 2013-11-13 | Name: The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File: vmware_esxi_5_1_build_911593_remote.nasl - Type: ACT_GATHER_INFO |
| 2013-02-27 | Name: The remote host has a virtualization application that is affected by a privil... File: macosx_fusion_5_0_2.nasl - Type: ACT_GATHER_INFO |
| 2013-02-27 | Name: The remote host has a desktop solution that is affected by a privilege escala... File: vmware_view_priv_esc_vmsa_2013_0002.nasl - Type: ACT_GATHER_INFO |
| 2013-02-27 | Name: The remote host has a virtualization application that is affected by a privil... File: vmware_workstation_priv_esc_vmsa_2013_0002.nasl - Type: ACT_GATHER_INFO |
| 2013-02-16 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2013-0002.nasl - Type: ACT_GATHER_INFO |
| 2013-01-24 | Name: The remote host has a virtual desktop solution that is potentially affected b... File: vmware_view_multiple_vmsa_2012_0004.nasl - Type: ACT_GATHER_INFO |
| 2013-01-24 | Name: The remote host has a desktop solution that affected by a directory traversal... File: vmware_view_vmsa_2012_0017.nasl - Type: ACT_GATHER_INFO |
| 2012-07-13 | Name: The remote VMware ESXi host is missing a security-related patch. File: vmware_VMSA-2012-0012.nasl - Type: ACT_GATHER_INFO |
| 2012-03-16 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2012-0005.nasl - Type: ACT_GATHER_INFO |
