Filtered by vendor Vmware
Subscriptions
Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-4918 | 1 Vmware | 1 Horizon View | 2025-04-20 | N/A |
| VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | ||||
| CVE-2017-4917 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | N/A |
| VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | ||||
| CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | ||||
| CVE-2017-4914 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | N/A |
| VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. | ||||
| CVE-2017-4915 | 2 Linux, Vmware | 3 Linux Kernel, Workstation Player, Workstation Pro | 2025-04-20 | N/A |
| VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. | ||||
| CVE-2017-4921 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation. | ||||
| CVE-2017-4916 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2025-04-20 | N/A |
| VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. | ||||
| CVE-2017-4934 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | N/A |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | ||||
| CVE-2022-31705 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2025-04-18 | 8.2 High |
| VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | ||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | 4.9 Medium |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | ||||
| CVE-2022-31707 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | 7.2 High |
| vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | ||||
| CVE-2016-7462 | 1 Vmware | 1 Vrealize Operations | 2025-04-12 | N/A |
| The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. | ||||
| CVE-2016-7461 | 2 Microsoft, Vmware | 5 Windows, Fusion, Fusion Pro and 2 more | 2025-04-12 | N/A |
| The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. | ||||
| CVE-2016-7463 | 1 Vmware | 1 Esxi | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. | ||||
| CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | N/A |
| VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-0054 | 3 Redhat, Springsource, Vmware | 4 Jboss Amq, Jboss Fuse, Spring Framework and 1 more | 2025-04-12 | N/A |
| The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. | ||||
| CVE-2016-7460 | 1 Vmware | 1 Vrealize Automation | 2025-04-12 | N/A |
| The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-9878 | 3 Pivotal Software, Redhat, Vmware | 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more | 2025-04-12 | N/A |
| An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | ||||
| CVE-2016-7456 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-12 | N/A |
| VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. | ||||
| CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||