Filtered by vendor Vmware
Subscriptions
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-4948 | 1 Vmware | 2 Horizon View, Workstation | 2024-09-16 | N/A |
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | ||||
CVE-2018-6966 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-09-16 | 8.1 High |
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. | ||||
CVE-2018-6960 | 1 Vmware | 1 Horizon Daas | 2024-09-16 | N/A |
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | ||||
CVE-2018-1271 | 3 Oracle, Redhat, Vmware | 30 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 27 more | 2024-09-16 | 5.9 Medium |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | ||||
CVE-2018-6962 | 1 Vmware | 1 Fusion | 2024-09-16 | N/A |
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | ||||
CVE-2012-5055 | 2 Redhat, Vmware | 2 Fuse Esb Enterprise, Springsource Spring Security | 2024-09-16 | N/A |
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests. | ||||
CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2024-09-16 | 6.0 Medium |
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | ||||
CVE-2018-6957 | 1 Vmware | 3 Fusion, Workstation Player, Workstation Pro | 2024-09-16 | N/A |
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. | ||||
CVE-2018-6972 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-09-16 | 6.5 Medium |
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | ||||
CVE-2020-5410 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Cloud Config | 2024-09-16 | 7.5 High |
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | ||||
CVE-2018-1257 | 3 Oracle, Redhat, Vmware | 32 Agile Product Lifecycle Management, Application Testing Suite, Big Data Discovery and 29 more | 2024-09-16 | 6.5 Medium |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | ||||
CVE-2013-6366 | 1 Vmware | 1 Hyperic Hq | 2024-09-16 | N/A |
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | ||||
CVE-2013-3079 | 1 Vmware | 1 Vcenter Server Appliance | 2024-09-16 | N/A |
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. | ||||
CVE-2017-4949 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-09-16 | N/A |
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. | ||||
CVE-2020-5405 | 1 Vmware | 1 Spring Cloud Config | 2024-09-16 | 6.5 Medium |
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. | ||||
CVE-2012-6324 | 1 Vmware | 1 Vcenter Server Appliance | 2024-09-16 | N/A |
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2024-09-16 | 5.6 Medium |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
CVE-2019-11287 | 5 Debian, Fedoraproject, Pivotal Software and 2 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2024-09-16 | 7.5 High |
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. | ||||
CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2024-09-16 | N/A |
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | ||||
CVE-2017-4920 | 1 Vmware | 1 Nsx-v Edge | 2024-09-16 | N/A |
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. |