Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-29 | CVE-2016-7458 | XXE vulnerability in VMWare Vsphere Client 5.5/6.0 VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.8 |
| 2016-12-29 | CVE-2016-7087 | Path Traversal vulnerability in VMWare Horizon View Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-12-29 | CVE-2016-5334 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Identity Manager and Vrealize Automation VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | 5.3 |
| 2016-12-29 | CVE-2016-5329 | Information Exposure vulnerability in VMWare Fusion VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | 5.5 |
| 2016-12-29 | CVE-2016-5328 | 7PK - Security Features vulnerability in VMWare Tools VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | 5.5 |
| 2016-08-31 | CVE-2016-5332 | Path Traversal vulnerability in VMWare Vrealize LOG Insight Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |
| 2016-08-08 | CVE-2016-5331 | CRLF Injection vulnerability in VMWare Esxi and Vcenter Server CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-07-12 | CVE-2015-3192 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | 5.5 |
| 2016-07-03 | CVE-2016-2081 | Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-07-03 | CVE-2016-2079 | Information Exposure vulnerability in VMWare NSX Edge and Vcloud Networking and Security Edge VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | 5.9 |