Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2016-7461 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
local
low complexity
vmware CWE-119
8.8
2016-12-29 CVE-2016-7460 XXE vulnerability in VMWare Vrealize Automation
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
vmware CWE-611
critical
9.1
2016-12-29 CVE-2016-7459 XXE vulnerability in VMWare Vcenter Server 5.0/5.5/6.0
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
vmware CWE-611
7.7
2016-12-29 CVE-2016-7458 XXE vulnerability in VMWare Vsphere Client 5.5/6.0
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
vmware CWE-611
5.8
2016-12-29 CVE-2016-7457 Permissions, Privileges, and Access Controls vulnerability in VMWare Vrealize Operations
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
network
low complexity
vmware CWE-264
critical
10.0
2016-12-29 CVE-2016-7456 Credentials Management vulnerability in VMWare Vsphere Data Protection
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
network
low complexity
vmware CWE-255
critical
9.8
2016-12-29 CVE-2016-7087 Path Traversal vulnerability in VMWare Horizon View
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
vmware CWE-22
5.3
2016-12-29 CVE-2016-7086 Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation Player and Workstation PRO
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
local
low complexity
vmware CWE-264
7.8
2016-12-29 CVE-2016-7085 Untrusted Search Path vulnerability in VMWare Workstation Player and Workstation PRO
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
vmware CWE-426
7.8
2016-12-29 CVE-2016-7084 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
local
high complexity
vmware CWE-119
7.8