cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-5538,https://securityvulnerability.io/vulnerability/CVE-2019-5538,,Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.,Vmware,Vmware Vcenter Server Appliance,5.9,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2019-10-28T15:52:37.000Z,0
CVE-2019-5537,https://securityvulnerability.io/vulnerability/CVE-2019-5537,,Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.,Vmware,Vmware Vcenter Server Appliance,5.9,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2019-10-28T15:04:08.000Z,0
CVE-2017-4943,https://securityvulnerability.io/vulnerability/CVE-2017-4943,,VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.,Vmware,Vcenter Server Appliance (vcsa),7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2017-12-20T15:29:00.000Z,0
CVE-2016-2076,https://securityvulnerability.io/vulnerability/CVE-2016-2076,,"Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.",Vmware,"Vcenter Server,Vcloud Director,Vcloud Automation Identity Appliance",7.6,HIGH,0.0037799999117851257,false,false,false,false,,false,false,2016-04-15T14:00:00.000Z,0
CVE-2014-3797,https://securityvulnerability.io/vulnerability/CVE-2014-3797,,Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Vmware,Vcenter Server Appliance,,,0.0017399999778717756,false,false,false,false,,false,false,2014-12-08T11:00:00.000Z,0
CVE-2014-8371,https://securityvulnerability.io/vulnerability/CVE-2014-8371,,"VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.",Vmware,Vcenter Server Appliance,,,0.0005300000193528831,false,false,false,false,,false,false,2014-12-08T11:00:00.000Z,0
CVE-2014-4241,https://securityvulnerability.io/vulnerability/CVE-2014-4241,,Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.,Vmware,"Vcenter Server,Vcenter Server Appliance,Esxi",,,0.01155999954789877,false,false,false,false,,false,false,2014-07-17T10:00:00.000Z,0
CVE-2014-3790,https://securityvulnerability.io/vulnerability/CVE-2014-3790,,Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.,Vmware,Vcenter Server Appliance,,,0.027300000190734863,false,false,false,false,,false,false,2014-06-01T01:00:00.000Z,0
CVE-2013-3079,https://securityvulnerability.io/vulnerability/CVE-2013-3079,,VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.,Vmware,Vcenter Server Appliance,,,0.0021299999207258224,false,false,false,false,,false,false,2013-05-01T12:00:00.000Z,0
CVE-2013-3080,https://securityvulnerability.io/vulnerability/CVE-2013-3080,,"VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.",Vmware,Vcenter Server Appliance,,,0.003269999986514449,false,false,false,false,,false,false,2013-05-01T12:00:00.000Z,0
CVE-2013-3107,https://securityvulnerability.io/vulnerability/CVE-2013-3107,,"VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.",Vmware,Vcenter Server Appliance,,,0.0014900000533089042,false,false,false,false,,false,false,2013-05-01T12:00:00.000Z,0
CVE-2012-6324,https://securityvulnerability.io/vulnerability/CVE-2012-6324,,Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.,Vmware,Vcenter Server Appliance,,,0.001339999958872795,false,false,false,false,,false,false,2012-12-21T21:55:00.000Z,0
CVE-2012-6325,https://securityvulnerability.io/vulnerability/CVE-2012-6325,,"VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.",Vmware,Vcenter Server Appliance,,,0.0012199999764561653,false,false,false,false,,false,false,2012-12-21T21:55:00.000Z,0