Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2017-08-01 CVE-2017-4921 Unspecified vulnerability in VMWare Vcenter Server 6.5
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner.
network
low complexity
vmware
6.5
2017-07-28 CVE-2017-4919 Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
network
vmware CWE-306
6.8
2017-07-28 CVE-2015-5191 Race Condition vulnerability in VMWare Tools
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp.
local
high complexity
vmware linux CWE-362
3.7
2017-06-13 CVE-2017-4967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
4.3
2017-06-13 CVE-2017-4966 Information Exposure vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
local
low complexity
pivotal-software vmware debian CWE-200
2.1
2017-06-13 CVE-2017-4965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
4.3
2017-06-08 CVE-2017-4918 Command Injection vulnerability in VMWare Horizon View
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script.
network
low complexity
vmware CWE-77
critical
10.0
2017-06-08 CVE-2017-4913 Integer Overflow or Wraparound vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll.
local
vmware CWE-190
6.9
2017-06-08 CVE-2017-4912 Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll.
local
vmware CWE-125
6.9
2017-06-08 CVE-2017-4911 Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll.
local
vmware CWE-787
6.9