Filtered by vendor Vmware Subscriptions
Total 901 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-7462 1 Vmware 1 Vrealize Operations 2024-11-21 N/A
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
CVE-2016-7461 2 Microsoft, Vmware 5 Windows, Fusion, Fusion Pro and 2 more 2024-11-21 N/A
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
CVE-2016-7460 1 Vmware 1 Vrealize Automation 2024-11-21 N/A
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7459 1 Vmware 1 Vcenter Server 2024-11-21 N/A
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7458 1 Vmware 1 Vsphere Client 2024-11-21 N/A
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7457 1 Vmware 1 Vrealize Operations 2024-11-21 N/A
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
CVE-2016-7456 1 Vmware 1 Vsphere Data Protection 2024-11-21 N/A
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
CVE-2016-7087 2 Microsoft, Vmware 2 Windows, Horizon View 2024-11-21 N/A
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-7086 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
CVE-2016-7085 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-7084 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
CVE-2016-7083 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
CVE-2016-7082 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
CVE-2016-7081 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 N/A
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVE-2016-7080 2 Apple, Vmware 2 Mac Os X, Tools 2024-11-21 N/A
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
CVE-2016-7079 2 Apple, Vmware 2 Mac Os X, Tools 2024-11-21 N/A
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
CVE-2016-5336 1 Vmware 1 Vrealize Automation 2024-11-21 N/A
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-5335 1 Vmware 2 Identity Manager, Vrealize Automation 2024-11-21 7.8 High
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
CVE-2016-5334 1 Vmware 2 Identity Manager, Vrealize Automation 2024-11-21 5.3 Medium
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
CVE-2016-5333 1 Vmware 1 Photon Os 2024-11-21 N/A
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.