Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-27 CVE-2017-4995 Deserialization of Untrusted Data vulnerability in VMWare Spring Security
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1.
network
high complexity
vmware CWE-502
8.1
8.1
2017-11-20 CVE-2017-16544 Code Injection vulnerability in multiple products
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal.
network
low complexity
busybox debian vmware redlion canonical CWE-94
8.8
8.8
2017-11-17 CVE-2017-4939 Untrusted Search Path vulnerability in VMWare Workstation
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly.
local
low complexity
vmware CWE-426
7.8
7.8
2017-11-17 CVE-2017-4937 Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll.
local
high complexity
vmware CWE-125
7.8
7.8
2017-11-17 CVE-2017-4936 Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll.
local
high complexity
vmware CWE-125
7.8
7.8
2017-11-17 CVE-2017-4935 Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll.
local
high complexity
vmware CWE-787
7.8
7.8
2017-11-17 CVE-2017-4934 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Fusion and Workstation
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device.
local
low complexity
vmware CWE-119
8.8
8.8
2017-11-17 CVE-2017-4928 Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e.
network
low complexity
vmware CWE-918
7.5
7.5
2017-11-17 CVE-2017-4927 LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
network
low complexity
vmware CWE-90
7.5
7.5
2017-11-16 CVE-2017-4932 Unspecified vulnerability in VMWare Airwatch Launcher
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege.
local
low complexity
vmware
7.8
7.8