Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2016-7083 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
local
high complexity
vmware CWE-119
7.8
2016-12-29 CVE-2016-7082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
local
high complexity
vmware CWE-119
7.8
2016-12-29 CVE-2016-7081 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
local
high complexity
vmware CWE-119
7.8
2016-12-29 CVE-2016-7080 NULL Pointer Dereference vulnerability in VMWare Tools
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
local
low complexity
vmware CWE-476
7.8
2016-12-29 CVE-2016-7079 NULL Pointer Dereference vulnerability in VMWare Tools
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
local
low complexity
vmware CWE-476
7.8
2016-12-29 CVE-2016-5334 Exposure of Resource to Wrong Sphere vulnerability in VMWare Identity Manager and Vrealize Automation
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
network
low complexity
vmware CWE-668
5.3
2016-12-29 CVE-2016-5329 Information Exposure vulnerability in VMWare Fusion
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
local
low complexity
vmware CWE-200
5.5
2016-12-29 CVE-2016-5328 7PK - Security Features vulnerability in VMWare Tools
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
local
low complexity
vmware CWE-254
5.5
2016-12-29 CVE-2016-2246 Permissions, Privileges, and Access Controls vulnerability in HP Thinpro
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
local
low complexity
hp CWE-264
7.8
2016-12-28 CVE-2016-9806 Double Free vulnerability in Linux Kernel
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
local
low complexity
linux CWE-415
7.8