Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-11 | CVE-2017-4949 | Use After Free vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. | 6.9 |
| 2018-01-05 | CVE-2017-4948 | Information Exposure vulnerability in VMWare Horizon View and Workstation VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. | 6.6 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 4.7 |
| 2017-12-20 | CVE-2017-4941 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. | 6.0 |
| 2017-12-20 | CVE-2017-4940 | Cross-site Scripting vulnerability in VMWare Esxi 5.5/6.0 The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). | 4.3 |
| 2017-12-20 | CVE-2017-4933 | Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation PRO VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. | 6.0 |
| 2017-12-13 | CVE-2017-4942 | Unspecified vulnerability in VMWare Airwatch Console VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. | 4.0 |
| 2017-11-27 | CVE-2017-8044 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | 4.3 |
| 2017-11-17 | CVE-2017-4939 | Untrusted Search Path vulnerability in VMWare Workstation VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. | 6.8 |
| 2017-11-17 | CVE-2017-4937 | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |