Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-22 | CVE-2018-6963 | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. | 5.5 |
| 2018-05-22 | CVE-2018-6962 | Unspecified vulnerability in VMWare Fusion VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | 7.8 |
| 2018-05-15 | CVE-2018-1263 | Path Traversal vulnerability in VMWare Spring Integration ZIP 1.0.0/1.0.1 Addresses partial fix in CVE-2018-1261. | 4.7 |
| 2018-05-11 | CVE-2018-1261 | Path Traversal vulnerability in VMWare Spring Integration ZIP 1.0.0 Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. | 4.7 |
| 2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 6.5 |
| 2018-05-07 | CVE-2018-1256 | Unspecified vulnerability in VMWare Spring Cloud SSO Connector 2.1.2 Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. | 8.1 |
| 2018-05-02 | CVE-2017-4952 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Xenon VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. | 7.5 |
| 2018-04-20 | CVE-2018-6960 | Improper Authentication vulnerability in VMWare Horizon Daas 7.0.0 VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. | 8.8 |
| 2018-04-13 | CVE-2018-6959 | Session Fixation vulnerability in VMWare Vrealize Automation VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. | 9.8 |