Filtered by vendor Vmware
Subscribe
Total
924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4897 | 1 Vmware | 1 Horizon Daas | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | |||||
| CVE-2017-4898 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | 6.9 MEDIUM | 8.8 HIGH |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. | |||||
| CVE-2017-4938 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
| VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||||
| CVE-2017-4942 | 1 Vmware | 1 Airwatch Console | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. | |||||
| CVE-2017-4933 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2025-04-20 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2017-8041 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | |||||
| CVE-2017-4908 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | |||||
| CVE-2017-4941 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2025-04-20 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2017-4940 | 1 Vmware | 1 Esxi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. | |||||
| CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | |||||
| CVE-2017-4900 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | |||||
| CVE-2017-4901 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | 7.5 HIGH | 9.9 CRITICAL |
| The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. | |||||
| CVE-2017-8044 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | |||||
| CVE-2017-4916 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. | |||||
| CVE-2017-4909 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | |||||
| CVE-2017-4922 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted. | |||||
| CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2025-04-20 | 9.3 HIGH | 9.6 CRITICAL |
| Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | |||||
| CVE-2017-8040 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. | |||||