The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VMware VirtualCenter

2 VMware vCenter Server, vSphere Client, ESX: memory corruption of client authentication
An attacker can setup a malicious sever, and invite VMware vCenter Server, vSphere Client and ESX clients to connect, in order to corrupt their memory, which leads to code execution...
BID-57666, CERTA-2013-AVI-088, CVE-2013-1405, ESX350-201302401-SG, ESX400-201302001, ESX400-201302401-SG, ESX410-201301001, ESX410-201301401-SG, ESX410-201301402-SG, ESX410-201301403-SG, ESX410-201301405-SG, ESXe350-201302401-I-SG, ESXe350-201302401-O-SG, ESXe350-201302403-C-SG, ESXi400-201302001, ESXi400-201302401-SG, ESXi400-201302402-SG, ESXi400-201302403-SG, ESXi410-201301001, ESXi410-201301401-SG, ESXi410-201301402-SG, VIGILANCE-VUL-12363, VMSA-2013-0001, VMSA-2013-0001.1, VMSA-2013-0001.2, VMSA-2013-0003
3 Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-55501, BID-55538, BID-56025, BID-56033, BID-56039, BID-56043, BID-56046, BID-56051, BID-56054, BID-56055, BID-56056, BID-56057, BID-56058, BID-56059, BID-56061, BID-56063, BID-56065, BID-56067, BID-56070, BID-56071, BID-56072, BID-56075, BID-56076, BID-56079, BID-56080, BID-56081, BID-56082, BID-56083, c03595351, CERTA-2012-AVI-576, CERTA-2012-AVI-746, CERTA-2013-AVI-094, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-4420, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089, CVE-2012-5979-ERROR, DSECRG-12-039, ESX350-201302401-SG, FEDORA-2012-16346, FEDORA-2012-16351, IC89804, javacpuoct2012, MDVSA-2012:169, openSUSE-SU-2012:1419-1, openSUSE-SU-2012:1423-1, openSUSE-SU-2012:1424-1, RHSA-2012:1384-01, RHSA-2012:1385-01, RHSA-2012:1386-01, RHSA-2012:1391-01, RHSA-2012:1392-01, RHSA-2012:1465-01, RHSA-2012:1466-01, RHSA-2012:1467-01, RHSA-2012:1485-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SUSE-SU-2012:1398-1, SUSE-SU-2012:1489-1, SUSE-SU-2012:1489-2, SUSE-SU-2012:1490-1, SUSE-SU-2012:1588-1, SUSE-SU-2012:1595-1, swg21621958, swg21621959, VIGILANCE-VUL-12072, VMSA-2013-0001.2, VMSA-2013-0003
4 Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-49778, BID-50211, BID-50215, BID-50216, BID-50218, BID-50220, BID-50223, BID-50224, BID-50226, BID-50229, BID-50231, BID-50234, BID-50236, BID-50237, BID-50239, BID-50242, BID-50243, BID-50246, BID-50248, BID-50250, c03122753, c03266681, c03316985, c03358587, c03405642, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CERTA-2012-AVI-238, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, DSA-2356-1, DSA-2358-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, FEDORA-2011-14638, FEDORA-2011-14648, FEDORA-2011-15555, HPSBMU02797, HPSBMU02799, HPSBUX02730, HPSBUX02760, HPSBUX02777, javacpuoct2011, MDVSA-2011:170, openSUSE-SU-2011:1196-1, RHSA-2011:1380-01, RHSA-2011:1384-01, RHSA-2011:1478-01, RHSA-2012:0006-01, RHSA-2012:0034-01, RHSA-2012:0343-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100710, SSRT100805, SSRT100854, SSRT100867, SUSE-SU-2011:1298-1, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, VIGILANCE-VUL-11072, VMSA-2012-0003, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013.1, VU#864643, ZDI-11-305, ZDI-11-306, ZDI-11-307
2 VMware vCenter, vSphere: three vulnerabilities
An attacker can use three vulnerabilities of VMware vCenter Server and vSphere Client Installer...
CERTA-2011-AVI-285, CVE-2011-0426, CVE-2011-1788, CVE-2011-1789, VIGILANCE-VUL-10620, VMSA-2011-0008
3 OpenSSL: code execution via TLS Extensions
An attacker can use a TLS extension, in order to corrupt the memory of multi-threaded applications using OpenSSL and its internal caching feature...
1643316, 649304, BID-44884, c02737002, c03179825, CERTA-2002-AVI-272, CERTA-2010-AVI-555, CERTA-2011-AVI-242, CERTA-2011-AVI-294, CERTA-2012-AVI-056, CVE-2010-3864, DSA-2125-1, FEDORA-2010-17826, FEDORA-2010-17827, FEDORA-2010-17847, FreeBSD-SA-10:10.openssl, HPSBGN02740, HPSBUX02638, MDVSA-2010:238, NetBSD-SA2010-012, openSUSE-SU-2010:0965-1, openSUSE-SU-2010:0965-2, RHSA-2010:0888-01, SA68, SSA:2010-326-01, SSRT100339, SSRT100741, SUSE-SR:2010:022, VIGILANCE-VUL-10130, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
4 Java JRE/JDK/SDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-43965, BID-43971, BID-43979, BID-43985, BID-43988, BID-43992, BID-43994, BID-43999, BID-44009, BID-44011, BID-44012, BID-44013, BID-44014, BID-44016, BID-44017, BID-44020, BID-44021, BID-44023, BID-44024, BID-44026, BID-44027, BID-44028, BID-44030, BID-44032, BID-44035, BID-44038, BID-44040, c02616748, c03405642, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-219, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-500, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2011-AVI-400, CERTA-2012-AVI-241, CERTA-2012-AVI-395, CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, FEDORA-2010-16240, FEDORA-2010-16294, FEDORA-2010-16312, HPSBMU02799, HPSBUX02608, openSUSE-SU-2010:0754-1, openSUSE-SU-2010:0957-1, RHSA-2010:0768-01, RHSA-2010:0770-01, RHSA-2010:0786-01, RHSA-2010:0807-01, RHSA-2010:0865-02, RHSA-2010:0873-02, RHSA-2010:0935-01, RHSA-2010:0986-01, RHSA-2010:0987-01, RHSA-2011:0152-01, RHSA-2011:0169-01, RHSA-2011:0880-01, SSRT100333, SSRT100867, SUSE-SA:2010:061, SUSE-SA:2011:006, SUSE-SA:2011:014, SUSE-SR:2010:019, VIGILANCE-VUL-10040, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, ZDI-10-202, ZDI-10-203, ZDI-10-204, ZDI-10-205, ZDI-10-206, ZDI-10-207, ZDI-10-208
2 Linux kernel: privilege elevation via syscall on x86_64
On a x86_64 architecture, a local attacker can use, among others, getsockopt() in a 32 bit process in order to elevate his privileges...
634457, BID-43239, CERTA-2010-AVI-570, CVE-2010-3081, DSA-2110-1, FEDORA-2010-14832, FEDORA-2010-14878, FEDORA-2010-14890, MDVSA-2010:188, MDVSA-2010:198, MDVSA-2010:214, MDVSA-2010:247, openSUSE-SU-2010:0654-1, openSUSE-SU-2010:0655-1, openSUSE-SU-2010:0664-1, openSUSE-SU-2010:0720-1, RHSA-2010:0704-01, RHSA-2010:0705-01, RHSA-2010:0711-01, RHSA-2010:0718-01, RHSA-2010:0719-01, RHSA-2010:0758-01, RHSA-2010:0842-01, RHSA-2010:0882-01, SSA:2010-265-01, SUSE-SA:2010:043, SUSE-SA:2010:044, SUSE-SA:2010:045, SUSE-SA:2010:046, SUSE-SA:2010:047, SUSE-SA:2010:050, SUSE-SA:2011:007, SUSE-SR:2010:017, SUSE-SU-2011:0635-1, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9947, VMSA-2010-0017, VMSA-2010-0017.1, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
2 OpenSSL: memory corruption in ssl3_get_key_exchange
An attacker can invite the victim to connect to a malicious SSL/TLS server, in order to corrupt the memory of the client, to create a denial of service or to execute code...
BID-42306, CVE-2010-2939, DSA-2100-1, FreeBSD-SA-10:10.openssl, MDVSA-2010:168, NetBSD-SA2010-011, openSUSE-SU-2010:0951-1, openSUSE-SU-2010:0952-1, SSA:2010-326-01, SUSE-SR:2010:021, VIGILANCE-VUL-9819, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
2 Linux kernel: denial of service via SCTP
An attacker can send a malformed SCTP packet, in order to stop the kernel...
BID-39794, CVE-2010-1173, DSA-2053-1, MDVSA-2010:188, MDVSA-2010:198, openSUSE-SU-2011:0346-1, openSUSE-SU-2013:0927-1, RHSA-2010:0474-01, RHSA-2010:0504-01, RHSA-2010:0631-01, SUSE-SA:2010:027, SUSE-SA:2011:015, SUSE-SA:2011:017, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9618, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
2 Linux kernel: file access via CIFS DNS resolver
A local attacker can modify his keyring, in order to force the CIFS client of the Linux kernel to connect to a malicious CIFS/SMB server...
CERTA-2010-AVI-355, CVE-2010-2524, DSA-2264-1, FEDORA-2010-11412, FEDORA-2010-11462, MDVSA-2010:172, openSUSE-SU-2010:0664-1, RHSA-2010:0610-01, SOL16477, SUSE-SA:2010:039, SUSE-SA:2010:040, SUSE-SA:2010:046, VIGILANCE-VUL-9803, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
Our database contains other pages. You can request a free trial to read them.