Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-4936 | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |
| 2017-11-17 | CVE-2017-4935 | Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |
| 2017-11-17 | CVE-2017-4929 | Cross-site Scripting vulnerability in VMWare NSX Edge VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 4.3 |
| 2017-11-17 | CVE-2017-4928 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0 The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. | 5.0 |
| 2017-11-17 | CVE-2017-4927 | LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5 VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 5.0 |
| 2017-11-16 | CVE-2017-4932 | Unspecified vulnerability in VMWare Airwatch Launcher VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. | 4.6 |
| 2017-11-16 | CVE-2017-4931 | Improper Input Validation vulnerability in VMWare Airwatch VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. | 6.8 |
| 2017-09-09 | CVE-2017-8041 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | 4.3 |
| 2017-09-09 | CVE-2017-8040 | XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. | 4.0 |
| 2017-08-22 | CVE-2015-5258 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | 6.8 |