Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-03-29 | CVE-2016-0898 | Information Exposure Through Log Files vulnerability in VMWare Pivotal Software Mysql MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. | 10.0 |
| 2018-03-19 | CVE-2018-1196 | Link Following vulnerability in VMWare Spring Boot Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. | 5.9 |
| 2018-03-16 | CVE-2018-1199 | Improper Input Validation vulnerability in multiple products Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. | 5.3 |
| 2018-03-15 | CVE-2018-6957 | Missing Release of Resource after Effective Lifetime vulnerability in VMWare Fusion, Workstation Player and Workstation PRO VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. | 5.3 |
| 2018-01-29 | CVE-2017-4951 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. | 8.8 |
| 2018-01-29 | CVE-2017-4947 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. | 9.8 |
| 2018-01-11 | CVE-2017-4950 | Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. | 7.0 |
| 2018-01-11 | CVE-2017-4949 | Use After Free vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. | 7.0 |
| 2018-01-05 | CVE-2017-4948 | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. | 7.1 |