Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-11 | CVE-2017-4950 | Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. | 7.0 |
| 2018-01-11 | CVE-2017-4949 | Use After Free vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. | 7.0 |
| 2018-01-05 | CVE-2017-4948 | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. | 7.1 |
| 2018-01-05 | CVE-2017-4946 | Incorrect Authorization vulnerability in VMWare products The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. | 7.8 |
| 2017-12-20 | CVE-2017-4943 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. | 7.8 |
| 2017-12-20 | CVE-2017-4941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. | 8.8 |
| 2017-12-20 | CVE-2017-4933 | Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation PRO VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. | 8.8 |
| 2017-11-27 | CVE-2017-4995 | Deserialization of Untrusted Data vulnerability in VMWare Spring Security An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. | 8.1 |
| 2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
| 2017-11-17 | CVE-2017-4939 | Untrusted Search Path vulnerability in VMWare Workstation VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. | 7.8 |