Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-09 | CVE-2017-8041 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | 6.1 |
| 2017-09-09 | CVE-2017-8040 | XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. | 6.5 |
| 2017-08-01 | CVE-2017-4922 | Information Exposure vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. | 6.5 |
| 2017-07-28 | CVE-2015-5191 | Race Condition vulnerability in VMWare Tools VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. | 6.7 |
| 2017-06-07 | CVE-2017-4905 | Use of Uninitialized Resource vulnerability in VMWare products VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. | 5.5 |
| 2017-06-07 | CVE-2017-4900 | NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. | 5.5 |
| 2017-06-07 | CVE-2017-4899 | Out-of-bounds Read vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. | 4.7 |
| 2017-05-31 | CVE-2017-4897 | Improper Input Validation vulnerability in VMWare Horizon Daas 6.1.6 VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. | 5.5 |
| 2017-05-22 | CVE-2017-4916 | NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. | 6.5 |
| 2016-12-29 | CVE-2016-7463 | Cross-site Scripting vulnerability in VMWare Esxi 5.5/6.0 Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. | 5.4 |