Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-8044 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | 6.1 |
| 2017-11-17 | CVE-2017-4938 | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. | 6.5 |
| 2017-11-17 | CVE-2017-4929 | Cross-site Scripting vulnerability in VMWare NSX Edge VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 6.1 |
| 2017-11-16 | CVE-2017-4930 | Cross-site Scripting vulnerability in VMWare Airwatch VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. | 5.4 |
| 2017-09-15 | CVE-2017-4926 | Cross-site Scripting vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). | 5.4 |
| 2017-09-15 | CVE-2017-4925 | NULL Pointer Dereference vulnerability in VMWare products VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. | 5.5 |
| 2017-09-09 | CVE-2017-8041 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | 6.1 |
| 2017-09-09 | CVE-2017-8040 | XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. | 6.5 |
| 2017-08-01 | CVE-2017-4922 | Information Exposure vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. | 6.5 |
| 2017-07-28 | CVE-2015-5191 | Race Condition vulnerability in VMWare Tools VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. | 6.7 |