threat
engine
.sh
Back
·
··:··
Home
/
Product
/
vmware server
Product
vmware server
103 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-43640
< 2026.4.1
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization
8.1
HIGH
CVE-2026-43639
< 2026.4.0
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an a
8.0
HIGH
CVE-2026-43638
< 2026.4.1
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write cip
5.4
MEDIUM
CVE-2024-39847
all versions
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows t
7.5
HIGH
CVE-2026-6408
>= 7.6.4.0 and < 7.6.4.2185
Tanium addressed an information disclosure vulnerability in Tanium Server.
2.7
LOW
CVE-2025-15317
>= 7.4.6 and < 7.4.6.1154
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
6.5
MEDIUM
CVE-2025-15316
>= 7.4.6 and < 7.4.6.1151
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
6.7
MEDIUM
CVE-2025-15315
>= 7.4.6 and < 7.4.6.1151
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
6.7
MEDIUM
CVE-2025-15322
>= 7.6.2.0 and < 7.6.2.1327
Tanium addressed an improper access controls vulnerability in Tanium Server.
4.3
MEDIUM
CVE-2025-66823
all versions
An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject ar
5.4
MEDIUM
CVE-2025-66834
all versions
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formula
7.3
HIGH
CVE-2025-66824
all versions
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality
8.7
HIGH
CVE-2023-4770
all versions
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting v
6.5
MEDIUM
CVE-2023-30223
all versions
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted
7.5
HIGH
CVE-2023-30222
all versions
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve
7.5
HIGH
CVE-2021-43449
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be a
8.1
HIGH
CVE-2021-43448
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attac
5.3
MEDIUM
CVE-2021-43447
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor
7.5
HIGH
CVE-2021-43446
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor
6.1
MEDIUM
CVE-2021-43445
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket
9.8
CRITICAL
CVE-2021-43444
<= 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due
7.5
HIGH
CVE-2022-46764
< 5.2.6
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers
9.8
CRITICAL
CVE-2022-46763
< 5.2.6
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged
8.8
HIGH
CVE-2017-20120
all versions
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file
4.3
MEDIUM
CVE-2017-20119
< 5.0.2
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin
3.5
LOW
CVE-2017-20118
< 5.0.2
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown funct
3.5
LOW
CVE-2017-20117
< 5.0.2
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unkn
3.5
LOW
CVE-2017-20116
< 5.0.2
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the
3.5
LOW
CVE-2017-20115
< 5.0.2
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of th
3.5
LOW
CVE-2017-20114
< 5.0.2
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of
3.5
LOW
CVE-2017-20113
< 5.0.2
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipu
3.5
LOW
CVE-2022-1502
>= 2021.3 and < 2021.3.12725
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified b
4.3
MEDIUM
CVE-2021-31817
>= 2020.6.0 and < 2020.6.5146
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password
7.5
HIGH
CVE-2021-31816
< 2020.6.5146
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password
7.5
HIGH
CVE-2021-31818
>= 2018.9.17 and < 2018.13.0
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user
4.3
MEDIUM
CVE-2021-30183
< 2020.5.329
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import
7.5
HIGH
CVE-2020-16197
all versions
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outsid
4.3
MEDIUM
CVE-2020-15879
all versions
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, an
7.5
HIGH
CVE-2019-19766
<= 1.32.0
The Bitwarden server through 1.32.0 has a potentially unwanted KDF.
7.5
HIGH
CVE-2019-19085
>= 3.4.0 and <= 2019.10.5
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attack
5.4
MEDIUM
CVE-2019-15508
>= 3.0.8 and <= 2019.7.6
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited Oct
6.5
MEDIUM
CVE-2019-15507
>= 2018.8.4 and <= 2019.7.6
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited
6.5
MEDIUM
CVE-2010-4296
all versions
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux,
CVE-2010-4295
all versions
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player
CVE-2010-4294
all versions
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1
CVE-2009-4811
all versions
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 bu
CVE-2010-1142
all versions
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.
CVE-2010-1141
all versions
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.
CVE-2010-1139
all versions
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.
CVE-2010-1138
all versions
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 2464
CVE-2009-3732
>= 2.0.0 and <= 2.0.2
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute
CVE-2009-1565
all versions
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Wor
CVE-2009-1564
all versions
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and t
CVE-2010-1193
all versions
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script
CVE-2010-1137
all versions
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the
CVE-2010-0686
all versions
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to levera
CVE-2009-3731
all versions
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 2
CVE-2009-3733
all versions
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMwa
CVE-2009-2267
all versions
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 b
CVE-2009-3707
all versions
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 bu
CVE-2009-1805
<= 1.0.8
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player
CVE-2009-1244
all versions
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and
CVE-2009-1147
all versions
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlie
CVE-2009-1146
all versions
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMwar
CVE-2009-0910
all versions
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5
CVE-2009-0909
all versions
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5
CVE-2009-1072
all versions
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which
CVE-2009-0778
all versions
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does
CVE-2009-0177
all versions
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and ea
CVE-2008-4917
>= 1.0 and <= 1.0.9
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and ear
CVE-2008-4915
>= 1.0 and <= 1.0.7
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x thr
CVE-2008-4279
>= 1.0 and < 1.0.8
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before
CVE-2008-3014
all versions
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist
CVE-2008-3012
all versions
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser
CVE-2007-5348
all versions
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1
CVE-2008-3892
< 1.0.7
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstat
CVE-2008-3698
< 1.0.7
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.
CVE-2008-3697
all versions
An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (II
CVE-2008-3696
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-3695
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-3694
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-3693
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-3692
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-3691
< 1.0.7
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6
CVE-2008-2100
<= 1.0.5
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x,
CVE-2008-0967
all versions
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build
CVE-2007-5671
all versions
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, V
CVE-2008-1364
all versions
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware A
CVE-2008-1363
>= 1.0 and < 1.0.5
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE
CVE-2008-1362
all versions
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE
CVE-2008-1361
all versions
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE
CVE-2008-1340
all versions
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMw
CVE-2007-5619
<= 1.0.3
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which mi
CVE-2007-5618
< 1.0.4
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 bef
CVE-2007-5023
>= 1.0 and <= 1.0.4
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Pl
CVE-2007-4497
>= 1.0 and <= 1.0.4
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5
CVE-2007-4496
>= 1.0 and <= 1.0.4
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5
CVE-2007-0063
>= 1.0 and < 1.0.4
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player b
CVE-2007-0062
all versions
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before
CVE-2007-0061
>= 1.0 and < 1.0.4
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 564
CVE-2007-2491
all versions
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to wri
CVE-2006-3589
all versions
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod functi
CVE-2006-2662
all versions
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local a
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin