Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-29 | CVE-2016-7459 | XXE vulnerability in VMWare Vcenter Server 5.0/5.5/6.0 VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.7 |
| 2016-12-29 | CVE-2016-7086 | Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation Player and Workstation PRO The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. | 7.8 |
| 2016-12-29 | CVE-2016-7085 | Untrusted Search Path vulnerability in VMWare Workstation Player and Workstation PRO Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2016-12-29 | CVE-2016-7084 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image. | 7.8 |
| 2016-12-29 | CVE-2016-7083 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL. | 7.8 |
| 2016-12-29 | CVE-2016-7082 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file. | 7.8 |
| 2016-12-29 | CVE-2016-7081 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. | 7.8 |
| 2016-12-29 | CVE-2016-7080 | NULL Pointer Dereference vulnerability in VMWare Tools The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079. | 7.8 |
| 2016-12-29 | CVE-2016-7079 | NULL Pointer Dereference vulnerability in VMWare Tools The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080. | 7.8 |
| 2016-12-29 | CVE-2016-2246 | Permissions, Privileges, and Access Controls vulnerability in HP Thinpro HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | 7.8 |