Filtered by vendor Vmware
Subscribe
Search
Total
175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6963 | 1 Vmware | 2 Fusion, Workstation | 2018-06-26 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine. | |||||
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
| CVE-2017-4920 | 1 Vmware | 1 Nsx-v Edge | 2017-12-22 | 7.1 HIGH | 5.9 MEDIUM |
| The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. | |||||
| CVE-2017-4938 | 1 Vmware | 2 Fusion, Workstation | 2017-12-04 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4930 | 1 Vmware | 1 Airwatch | 2017-12-04 | 3.5 LOW | 5.4 MEDIUM |
| VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. | |||||
| CVE-2017-4929 | 1 Vmware | 1 Nsx Edge | 2017-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | |||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | |||||
| CVE-2016-2079 | 1 Vmware | 2 Nsx Edge, Vcloud Networking And Security Edge | 2017-09-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2081 | 1 Vmware | 1 Vrealize Log Insight | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6931 | 1 Vmware | 1 Vcenter Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2017-08-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-4916 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2017-08-13 | 6.8 MEDIUM | 6.5 MEDIUM |
| VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. | |||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2017-08-08 | 3.7 LOW | 6.7 MEDIUM |
| VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | |||||
| CVE-2017-4922 | 1 Vmware | 1 Vcenter Server | 2017-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted. | |||||
| CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2017-07-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5329 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2017-07-29 | 2.1 LOW | 5.5 MEDIUM |
| VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
| CVE-2016-5328 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2017-07-29 | 2.1 LOW | 5.5 MEDIUM |
| VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
| CVE-2016-7458 | 1 Vmware | 1 Vsphere Client | 2017-07-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manger, Vrealize Automation | 2017-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2017-4900 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2017-07-17 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4899 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2017-07-17 | 1.9 LOW | 4.7 MEDIUM |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. | |||||
| CVE-2017-4897 | 1 Vmware | 1 Horizon Daas | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | |||||
| CVE-2016-7463 | 1 Vmware | 1 Esxi | 2016-12-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. | |||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2016-12-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | |||||
| CVE-2015-2344 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Automation | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||