Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2016-7082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
local
high complexity
vmware CWE-119
7.8
2016-12-29 CVE-2016-7081 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Workstation Player and Workstation PRO
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
local
high complexity
vmware CWE-119
7.8
2016-12-29 CVE-2016-7080 NULL Pointer Dereference vulnerability in VMWare Tools
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
local
low complexity
vmware CWE-476
7.8
2016-12-29 CVE-2016-7079 NULL Pointer Dereference vulnerability in VMWare Tools
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
local
low complexity
vmware CWE-476
7.8
2016-08-31 CVE-2016-5335 Unspecified vulnerability in VMWare Identity Manager and Vrealize Automation
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
local
low complexity
vmware
7.8
2016-08-08 CVE-2016-5330 Untrusted Search Path vulnerability in VMWare products
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local
low complexity
vmware CWE-426
7.8
2016-07-03 CVE-2016-2082 Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vrealize LOG Insight
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
low complexity
vmware CWE-352
8.8
2016-04-15 CVE-2016-2076 Improper Authentication vulnerability in VMWare products
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
network
low complexity
vmware CWE-287
7.6
2015-12-21 CVE-2015-6934 Improper Input Validation vulnerability in VMWare Vcenter Orchestrator and Vrealize Orchestrator
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
network
low complexity
vmware CWE-20
7.3
2011-05-26 CVE-2010-4251 Resource Exhaustion vulnerability in multiple products
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
network
low complexity
linux vmware redhat CWE-400
7.5