Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2017-08-22 CVE-2015-5258 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
network
low complexity
fedoraproject vmware CWE-352
8.8
8.8
2017-08-01 CVE-2017-4923 Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.5
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability.
network
low complexity
vmware CWE-522
critical
 9.8
9.8
2017-08-01 CVE-2017-4922 Information Exposure vulnerability in VMWare Vcenter Server 6.5
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information.
network
low complexity
vmware CWE-200
6.5
6.5
2017-08-01 CVE-2017-4921 Unspecified vulnerability in VMWare Vcenter Server 6.5
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner.
network
low complexity
vmware
8.8
8.8
2017-07-28 CVE-2017-4919 Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
network
high complexity
vmware CWE-306
critical
 9.0
9.0
2017-07-28 CVE-2015-5191 Race Condition vulnerability in VMWare Tools
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp.
local
high complexity
vmware CWE-362
6.7
6.7
2017-06-13 CVE-2017-4967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
6.1
2017-06-13 CVE-2017-4966 Information Exposure vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
local
low complexity
pivotal-software vmware debian CWE-200
7.8
7.8
2017-06-13 CVE-2017-4965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
6.1
2017-06-08 CVE-2017-4918 Command Injection vulnerability in VMWare Horizon View
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script.
network
low complexity
vmware CWE-77
critical
 9.8
9.8