Filtered by vendor Vmware
Subscribe
Total
909 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4949 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. | |||||
| CVE-2017-4948 | 1 Vmware | 2 Horizon View, Workstation | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | |||||
| CVE-2017-4947 | 1 Vmware | 2 Vrealize Automation, Vsphere Integrated Containers | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. | |||||
| CVE-2017-4946 | 1 Vmware | 2 Vrealize Operations For Horizon, Vrealize Operations For Published Applications | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM. | |||||
| CVE-2017-4945 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. | |||||
| CVE-2016-1000027 | 1 Vmware | 1 Spring Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | |||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | |||||
| CVE-2024-38814 | 1 Vmware | 1 Vmware Hcx | 2024-10-21 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. | |||||
| CVE-2024-38811 | 1 Vmware | 1 Fusion | 2024-09-17 | N/A | 7.8 HIGH |
| VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | |||||