Vulnerabilities > Vmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-01 | CVE-2017-4923 | Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. | 9.8 |
| 2017-07-28 | CVE-2017-4919 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 5.5/6.0/6.5 VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | 9.0 |
| 2017-06-08 | CVE-2017-4918 | Command Injection vulnerability in VMWare Horizon View VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. | 9.8 |
| 2017-06-08 | CVE-2017-4907 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Unified Access Gateway VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. | 9.8 |
| 2017-06-08 | CVE-2017-4901 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Fusion and Workstation The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. | 9.9 |
| 2017-06-07 | CVE-2017-4917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. | 9.8 |
| 2017-06-07 | CVE-2017-4914 | Deserialization of Untrusted Data vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. | 9.8 |
| 2017-05-25 | CVE-2015-5211 | Files or Directories Accessible to External Parties vulnerability in multiple products Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. | 9.6 |
| 2017-05-25 | CVE-2014-3527 | Improper Authentication vulnerability in VMWare Spring Security When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. | 9.8 |
| 2017-04-21 | CVE-2016-2173 | Improper Input Validation vulnerability in multiple products org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | 9.8 |