Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2019-5514 | Missing Authentication for Critical Function vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2 VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. | 8.8 |
| 2019-04-01 | CVE-2019-5523 | Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2 VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. | 9.8 |
| 2019-01-18 | CVE-2019-3772 | XXE vulnerability in multiple products Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
| 2018-12-19 | CVE-2018-15801 | Insufficient Verification of Data Authenticity vulnerability in VMWare Spring Framework 5.1.0/5.1.1 Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. | 7.4 |
| 2018-12-18 | CVE-2018-6978 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Vrealize Operations vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. | 6.7 |
| 2018-12-04 | CVE-2018-6982 | Use of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. | 6.5 |
| 2018-12-04 | CVE-2018-6981 | Use of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host. | 8.8 |
| 2018-11-27 | CVE-2018-6983 | Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. | 8.8 |
| 2018-11-26 | CVE-2018-11077 | OS Command Injection vulnerability in multiple products 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. | 6.7 |
| 2018-11-26 | CVE-2018-11076 | Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. | 6.5 |