Vulnerabilities > Vmware > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 2.6 |
| 2019-11-22 | CVE-2019-11291 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. | 3.5 |
| 2019-10-28 | CVE-2019-5536 | Improper Input Validation vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. | 3.5 |
| 2019-10-10 | CVE-2019-5535 | Improper Input Validation vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. | 2.9 |
| 2019-06-06 | CVE-2019-5522 | Out-of-bounds Read vulnerability in VMWare Tools VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. | 3.6 |
| 2018-11-26 | CVE-2018-11076 | Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. | 3.3 |
| 2018-09-11 | CVE-2018-6975 | Missing Encryption of Sensitive Data vulnerability in VMWare Intelligent HUB The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. | 2.1 |
| 2018-07-25 | CVE-2018-6971 | Information Exposure Through Log Files vulnerability in VMWare Horizon View Agents VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). | 2.1 |
| 2018-05-22 | CVE-2018-6963 | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. | 2.1 |
| 2018-03-15 | CVE-2018-6957 | Missing Release of Resource after Effective Lifetime vulnerability in VMWare Fusion, Workstation Player and Workstation PRO VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. | 3.5 |