Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2019-04-02 CVE-2019-5524 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter.
network
low complexity
vmware CWE-787
8.8
8.8
2019-04-02 CVE-2019-5515 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters.
network
low complexity
vmware CWE-787
8.8
8.8
2019-04-01 CVE-2019-5519 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface).
low complexity
vmware CWE-367
6.8
6.8
2019-04-01 CVE-2019-5518 Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface).
low complexity
vmware CWE-787
6.8
6.8
2019-04-01 CVE-2019-5514 Missing Authentication for Critical Function vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket.
network
low complexity
vmware CWE-306
8.8
8.8
2019-04-01 CVE-2019-5523 Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals.
network
low complexity
vmware CWE-384
critical
 9.8
9.8
2019-01-18 CVE-2019-3772 XXE vulnerability in multiple products
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
network
low complexity
vmware oracle CWE-611
critical
 9.8
9.8
2018-12-19 CVE-2018-15801 Insufficient Verification of Data Authenticity vulnerability in VMWare Spring Framework 5.1.0/5.1.1
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation.
network
high complexity
vmware CWE-345
7.4
7.4
2018-12-18 CVE-2018-6978 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Vrealize Operations
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts.
local
low complexity
vmware CWE-732
6.7
6.7
2018-12-04 CVE-2018-6982 Use of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
local
low complexity
vmware CWE-908
6.5
6.5