Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2017-4910 Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll.
local
vmware CWE-125
6.9
2017-06-08 CVE-2017-4909 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll.
local
vmware CWE-119
6.9
2017-06-08 CVE-2017-4908 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll.
local
vmware CWE-119
6.9
2017-06-08 CVE-2017-4907 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Unified Access Gateway
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
network
low complexity
vmware CWE-119
7.5
2017-06-08 CVE-2017-4901 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Fusion and Workstation
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability.
network
low complexity
vmware CWE-119
7.5
2017-06-07 CVE-2017-4905 Use of Uninitialized Resource vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage.
local
low complexity
vmware CWE-908
2.1
2017-06-07 CVE-2017-4904 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage.
local
low complexity
vmware CWE-119
7.2
2017-06-07 CVE-2017-4903 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA.
local
low complexity
vmware CWE-119
7.2
2017-06-07 CVE-2017-4902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA.
local
low complexity
vmware CWE-119
7.2
2017-06-07 CVE-2017-4900 NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver.
local
low complexity
vmware CWE-476
2.1