Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2017-4910 | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. | 6.9 |
| 2017-06-08 | CVE-2017-4909 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. | 6.9 |
| 2017-06-08 | CVE-2017-4908 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. | 6.9 |
| 2017-06-07 | CVE-2017-4898 | DLL Loading Remote Code Execution vulnerability in Multiple VMware Workstation Products VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. local vmware | 6.9 |
| 2017-06-07 | CVE-2017-4917 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Vsphere Data Protection VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. | 5.0 |
| 2017-05-25 | CVE-2016-5007 | Permissions, Privileges, and Access Controls vulnerability in multiple products Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. | 5.0 |
| 2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 6.8 |
| 2017-05-22 | CVE-2017-4916 | NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. | 6.8 |
| 2017-05-10 | CVE-2017-4895 | Security Bypass vulnerability in Airwatch Agent for Android Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. | 4.6 |
| 2017-01-06 | CVE-2016-9879 | Channel and Path Errors vulnerability in multiple products An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. | 5.0 |