| 2018-04-20 | CVE-2018-6960 | Improper Authentication vulnerability in VMWare Horizon Daas 7.0.0
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. | 8.8 |
| 2018-04-13 | CVE-2018-6959 | Session Fixation vulnerability in VMWare Vrealize Automation
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. | 9.8 |
| 2018-04-13 | CVE-2018-6958 | Cross-site Scripting vulnerability in VMWare Vrealize Automation
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. | 6.1 |
| 2018-04-13 | CVE-2018-5511 | Unsafe Reflection vulnerability in multiple products
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 7.2 |
| 2018-04-11 | CVE-2018-1275 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-04-06 | CVE-2018-1272 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. | 7.5 |
| 2018-04-06 | CVE-2018-1271 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. | 5.9 |
| 2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-03-29 | CVE-2016-0898 | Information Exposure Through Log Files vulnerability in VMWare Pivotal Software Mysql
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. | 10.0 |
| 2018-03-19 | CVE-2018-1196 | Link Following vulnerability in VMWare Spring Boot
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. | 5.9 |