Filtered by vendor Vmware
Subscribe
Total
875 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5329 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2017-4896 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2023-12-10 | 2.1 LOW | 3.8 LOW |
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. | |||||
CVE-2016-7082 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2023-12-10 | 5.9 MEDIUM | 7.8 HIGH |
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file. | |||||
CVE-2016-5328 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | |||||
CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2015-2337 | 2 Microsoft, Vmware | 6 Windows, Fusion, Horizon Client and 3 more | 2023-12-10 | 5.8 MEDIUM | N/A |
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
CVE-2015-2340 | 2 Microsoft, Vmware | 6 Windows, Fusion, Horizon Client and 3 more | 2023-12-10 | 6.1 MEDIUM | N/A |
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors. | |||||
CVE-2015-2338 | 2 Microsoft, Vmware | 6 Windows, Fusion, Horizon Client and 3 more | 2023-12-10 | 6.1 MEDIUM | N/A |
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339. | |||||
CVE-2016-2078 | 2 Microsoft, Vmware | 2 Windows, Vcenter Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter. | |||||
CVE-2016-5336 | 1 Vmware | 1 Vrealize Automation | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2016-2075 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Business Advanced And Enterprise | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-2344 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Automation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-3192 | 3 Fedoraproject, Pivotal Software, Vmware | 3 Fedora, Spring Framework, Spring Framework | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | |||||
CVE-2016-5335 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. | |||||
CVE-2015-2342 | 1 Vmware | 1 Vcenter Server | 2023-12-10 | 10.0 HIGH | N/A |
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. | |||||
CVE-2016-2076 | 1 Vmware | 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director | 2023-12-10 | 6.8 MEDIUM | 7.6 HIGH |
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | |||||
CVE-2015-3650 | 1 Vmware | 3 Horizon View Client, Player, Workstation | 2023-12-10 | 7.2 HIGH | N/A |
vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread. | |||||
CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |