Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-5531 | Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. | 5.4 |
| 2019-09-18 | CVE-2019-5534 | Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. | 7.7 |
| 2019-09-18 | CVE-2019-5532 | Information Exposure Through Log Files vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. | 7.7 |
| 2019-07-11 | CVE-2019-5528 | Unspecified vulnerability in VMWare Esxi 6.5/6.7 VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. | 5.3 |
| 2019-06-26 | CVE-2019-11272 | Insufficiently Protected Credentials vulnerability in multiple products Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. | 7.3 |
| 2019-06-06 | CVE-2019-5525 | Use After Free vulnerability in VMWare Workstation VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. | 8.8 |
| 2019-06-06 | CVE-2019-5522 | Out-of-bounds Read vulnerability in VMWare Tools VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. | 7.1 |
| 2019-05-15 | CVE-2019-5526 | Uncontrolled Search Path Element vulnerability in VMWare Workstation VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. | 7.8 |
| 2019-05-06 | CVE-2019-3799 | Path Traversal vulnerability in multiple products Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |
| 2019-04-15 | CVE-2019-5520 | Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. | 5.9 |