Vulnerabilities > Vmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-26 CVE-2018-11077 OS Command Injection vulnerability in multiple products
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability.
local
low complexity
dell vmware CWE-78
6.7
6.7
2018-11-26 CVE-2018-11076 Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability.
low complexity
dell vmware
6.5
6.5
2018-11-26 CVE-2018-11067 Open Redirect vulnerability in multiple products
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability.
network
low complexity
dell vmware CWE-601
6.1
6.1
2018-10-09 CVE-2018-6977 Infinite Loop vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader.
local
low complexity
vmware CWE-835
6.5
6.5
2018-09-14 CVE-2018-11087 Improper Certificate Validation vulnerability in multiple products
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation.
network
high complexity
pivotal-software vmware CWE-295
5.9
5.9
2018-09-11 CVE-2018-6976 Missing Encryption of Sensitive Data vulnerability in VMWare Workspace ONE
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database.
network
low complexity
vmware CWE-311
5.3
5.3
2018-09-11 CVE-2018-6975 Missing Encryption of Sensitive Data vulnerability in VMWare Intelligent HUB
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
local
low complexity
vmware CWE-311
5.5
5.5
2018-08-13 CVE-2018-6970 Out-of-bounds Read vulnerability in VMWare Horizon Client and Horizon View
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library.
network
low complexity
vmware CWE-125
6.5
6.5
2018-07-25 CVE-2018-6972 NULL Pointer Dereference vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler.
network
low complexity
vmware CWE-476
6.5
6.5
2018-06-25 CVE-2018-11039 Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC.
network
high complexity
vmware oracle debian
5.9
5.9