Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-31 | CVE-2016-5336 | Unspecified vulnerability in VMWare Vrealize Automation 7.0/7.0.1 VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-08-31 | CVE-2016-5335 | Unspecified vulnerability in VMWare Identity Manager and Vrealize Automation VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. | 7.8 |
| 2016-08-31 | CVE-2016-5333 | Use of Hard-coded Credentials vulnerability in VMWare Photon OS 1.0 VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | 9.8 |
| 2016-08-31 | CVE-2016-5332 | Path Traversal vulnerability in VMWare Vrealize LOG Insight Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |
| 2016-08-08 | CVE-2016-5331 | CRLF Injection vulnerability in VMWare Esxi and Vcenter Server CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-08-08 | CVE-2016-5330 | Untrusted Search Path vulnerability in VMWare products Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 7.8 |
| 2016-07-12 | CVE-2015-3192 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | 5.5 |
| 2016-07-03 | CVE-2016-2082 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vrealize LOG Insight Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2016-07-03 | CVE-2016-2081 | Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-07-03 | CVE-2016-2079 | Information Exposure vulnerability in VMWare NSX Edge and Vcloud Networking and Security Edge VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | 5.9 |