Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-25 | CVE-2018-11040 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. | 7.5 |
| 2018-06-25 | CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | 5.9 |
| 2018-06-11 | CVE-2018-6968 | Unspecified vulnerability in VMWare Airwatch Agent The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. | 10.0 |
| 2018-06-11 | CVE-2018-6961 | OS Command Injection vulnerability in VMWare NSX Sd-Wan BY Velocloud VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. | 8.1 |
| 2018-05-29 | CVE-2018-6964 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. | 7.8 |
| 2018-05-22 | CVE-2018-6963 | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. | 5.5 |
| 2018-05-22 | CVE-2018-6962 | Unspecified vulnerability in VMWare Fusion VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | 7.8 |
| 2018-05-15 | CVE-2018-1263 | Path Traversal vulnerability in VMWare Spring Integration ZIP 1.0.0/1.0.1 Addresses partial fix in CVE-2018-1261. | 4.7 |
| 2018-05-11 | CVE-2018-1261 | Path Traversal vulnerability in VMWare Spring Integration ZIP 1.0.0 Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. | 4.7 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |