Filtered by vendor Vmware
Subscribe
Total
927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4929 | 1 Vmware | 1 Nsx Edge | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
|
|||||
| CVE-2017-4932 | 2 Google, Vmware | 2 Android, Airwatch Launcher | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege.
|
|||||
| CVE-2017-4931 | 1 Vmware | 1 Airwatch | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.
|
|||||
| CVE-2017-4904 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
|
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
|
|||||
| CVE-2017-4910 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possibl ...
Show More |
|||||
| CVE-2017-4935 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possib ...
Show More |
|||||
| CVE-2017-4914 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
|
|||||
| CVE-2017-4942 | 1 Vmware | 1 Airwatch Console | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
|
|||||
| CVE-2017-4920 | 1 Vmware | 1 Nsx-v Edge | 2025-04-20 | 7.1 HIGH | 5.9 MEDIUM |
|
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.
|
|||||
| CVE-2017-4940 | 1 Vmware | 1 Esxi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
|
|||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2025-04-20 | 3.7 LOW | 6.7 MEDIUM |
|
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
|||||
| CVE-2017-4900 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
|
|||||
| CVE-2014-0097 | 1 Vmware | 1 Spring Security | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
|
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
|
|||||
| CVE-2017-8041 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
|
|||||
| CVE-2016-9879 | 2 Ibm, Vmware | 2 Websphere Application Server, Spring Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the ...
Show More |
|||||
| CVE-2017-4913 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possibl ...
Show More |
|||||
| CVE-2017-4896 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2025-04-20 | 2.1 LOW | 3.8 LOW |
|
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
|
|||||
| CVE-2017-4915 | 2 Linux, Vmware | 3 Linux Kernel, Workstation Player, Workstation Pro | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
|
|||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
|
|||||
| CVE-2017-4925 | 2 Apple, Vmware | 5 Mac Os X, Esxi, Fusion and 2 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
|
|||||
| CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
|
|||||
| CVE-2017-4911 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possib ...
Show More |
|||||
| CVE-2017-4924 | 1 Vmware | 3 Esxi, Fusion, Workstation Pro | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
|
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
|
|||||
| CVE-2017-4901 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | 7.5 HIGH | 9.9 CRITICAL |
|
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
|
|||||
| CVE-2017-8044 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
|
|||||
| CVE-2017-4937 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possibl ...
Show More |
|||||
| CVE-2017-8040 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
|
|||||
| CVE-2017-4933 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2025-04-20 | 6.0 MEDIUM | 8.8 HIGH |
|
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual ...
Show More |
|||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
|
|||||
| CVE-2014-0225 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
|
|||||
| CVE-2017-4908 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possi ...
Show More |
|||||
| CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
|
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
|
|||||
| CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2025-04-20 | 9.3 HIGH | 9.6 CRITICAL |
|
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
|
|||||
| CVE-2016-5007 | 2 Pivotal Software, Vmware | 3 Spring Framework, Spring Framework, Spring Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by t ...
Show More |
|||||
| CVE-2017-4936 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.
|
|||||
| CVE-2017-4930 | 1 Vmware | 1 Airwatch | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.
|
|||||
| CVE-2017-4903 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
|
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
|
|||||
| CVE-2017-4912 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is o ...
Show More |
|||||
| CVE-2017-4922 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
|
|||||
| CVE-2017-4939 | 1 Vmware | 1 Workstation | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.
|
|||||