Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-07 | CVE-2017-4899 | Out-of-bounds Read vulnerability in VMware Workstation Player and Workstation Pro: VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. | 4.7 |
2017-06-07 | CVE-2017-4898 | Unspecified vulnerability in VMware Workstation Player and Workstation Pro: VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. | 8.8 |
2017-06-07 | CVE-2017-4917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMware vSphere Data Protection: VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. | 9.8 |
2017-06-07 | CVE-2017-4914 | Deserialization of Untrusted Data vulnerability in VMware vSphere Data Protection: VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. | 9.8 |
2017-05-31 | CVE-2017-4897 | Improper Input Validation vulnerability in VMware Horizon DaaS 6.1.6: VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. | 5.5 |
2017-05-25 | CVE-2016-5007 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. | 7.5 |
2017-05-25 | CVE-2015-5211 | Files or Directories Accessible to External Parties vulnerability in multiple products: Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. | 9.6 |
2017-05-25 | CVE-2014-3527 | Improper Authentication vulnerability in VMware Spring Security: When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. | 9.8 |
2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products: When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 8.8 |
2017-05-25 | CVE-2014-0097 | Improper Authentication vulnerability in VMware Spring Security: The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. | 7.3 |