Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-09 CVE-2019-5511 Unspecified vulnerability in VMWare Workstation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately.
local
low complexity
vmware
8.8
8.8
2019-04-02 CVE-2019-5524 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter.
network
low complexity
vmware CWE-787
8.8
8.8
2019-04-02 CVE-2019-5515 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters.
network
low complexity
vmware CWE-787
8.8
8.8
2019-04-01 CVE-2019-5514 Missing Authentication for Critical Function vulnerability in VMWare Fusion 11.0.0/11.0.1/11.0.2
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket.
network
low complexity
vmware CWE-306
8.8
8.8
2018-12-19 CVE-2018-15801 Insufficient Verification of Data Authenticity vulnerability in VMWare Spring Framework 5.1.0/5.1.1
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation.
network
high complexity
vmware CWE-345
7.4
7.4
2018-12-04 CVE-2018-6981 Use of Uninitialized Resource vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.
local
low complexity
vmware CWE-908
8.8
8.8
2018-11-27 CVE-2018-6983 Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices.
local
low complexity
vmware CWE-190
8.8
8.8
2018-11-13 CVE-2018-6980 Incorrect Authorization vulnerability in VMWare Vrealize LOG Insight 4.6/4.6.1/4.7
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method.
network
low complexity
vmware CWE-863
7.2
7.2
2018-10-18 CVE-2018-15756 Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource.
network
low complexity
vmware oracle debian
7.5
7.5
2018-10-16 CVE-2018-6974 Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device.
local
low complexity
vmware CWE-125
8.8
8.8