High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-09	CVE-2018-6966	Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. network low complexity vmware CWE-125	8.1
2018-07-09	CVE-2018-6965	Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. network low complexity vmware CWE-125	8.1
2018-06-25	CVE-2018-11040	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. network low complexity vmware oracle debian CWE-829	7.5
2018-06-11	CVE-2018-6961	OS Command Injection vulnerability in VMWare NSX Sd-Wan BY Velocloud VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. network high complexity vmware CWE-78	8.1
2018-05-29	CVE-2018-6964	Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. local low complexity vmware	7.8
2018-05-22	CVE-2018-6962	Unspecified vulnerability in VMWare Fusion VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. local low complexity vmware	7.8
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	8.8
2018-05-07	CVE-2018-1256	Unspecified vulnerability in VMWare Spring Cloud SSO Connector 2.1.2 Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. network high complexity vmware	8.1
2018-05-02	CVE-2017-4952	Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Xenon VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. network low complexity vmware CWE-732	7.5
2018-04-20	CVE-2018-6960	Improper Authentication vulnerability in VMWare Horizon Daas 7.0.0 VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. network low complexity vmware CWE-287	8.8