Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-13	CVE-2018-6958	Cross-site Scripting vulnerability in VMWare Vrealize Automation VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. network low complexity vmware CWE-79	6.1
2018-04-06	CVE-2018-1271	Path Traversal vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. network high complexity vmware oracle CWE-22	5.9
2018-03-19	CVE-2018-1196	Link Following vulnerability in VMWare Spring Boot Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. network high complexity vmware CWE-59	5.9
2018-03-16	CVE-2018-1199	Improper Input Validation vulnerability in multiple products Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. network low complexity vmware redhat oracle CWE-20	5.3
2018-03-15	CVE-2018-6957	Missing Release of Resource after Effective Lifetime vulnerability in VMWare Fusion, Workstation Player and Workstation PRO VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. network high complexity vmware CWE-772	5.3
2018-01-05	CVE-2017-4945	Unspecified vulnerability in VMWare Fusion and Workstation VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. local low complexity vmware	5.5
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6
2017-12-20	CVE-2017-4940	Cross-site Scripting vulnerability in VMWare Esxi 6.0/6.5 The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). network low complexity vmware CWE-79	6.1
2017-12-13	CVE-2017-4942	Unspecified vulnerability in VMWare Airwatch Console VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. network low complexity vmware	4.9
2017-12-05	CVE-2017-4920	Resource Exhaustion vulnerability in VMWare Nsx-V Edge The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). network high complexity vmware CWE-400	5.9