Filtered by vendor Vmware
Subscriptions
Total
909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5328 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2024-11-21 | N/A |
| VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | ||||
| CVE-2016-5007 | 2 Pivotal Software, Vmware | 3 Spring Framework, Spring Framework, Spring Security | 2024-11-21 | N/A |
| Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. | ||||
| CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2024-11-21 | 9.8 Critical |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2016-2081 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-2079 | 1 Vmware | 2 Nsx Edge, Vcloud Networking And Security Edge | 2024-11-21 | N/A |
| VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-2078 | 2 Microsoft, Vmware | 2 Windows, Vcenter Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter. | ||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-11-21 | N/A |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2016-2076 | 1 Vmware | 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director | 2024-11-21 | N/A |
| Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | ||||
| CVE-2016-2075 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Business Advanced And Enterprise | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-1000027 | 1 Vmware | 1 Spring Framework | 2024-11-21 | 9.8 Critical |
| Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | ||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 10.0 Critical |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | ||||
| CVE-2015-6934 | 1 Vmware | 2 Vcenter Orchestrator, Vrealize Orchestrator | 2024-11-21 | N/A |
| Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2024-11-21 | N/A |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | ||||
| CVE-2015-6932 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A |
| VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-6931 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-5258 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Social | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | ||||
| CVE-2015-5211 | 2 Debian, Vmware | 2 Debian Linux, Spring Framework | 2024-11-21 | 9.6 Critical |
| Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | ||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2024-11-21 | N/A |
| VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | ||||
| CVE-2015-3650 | 1 Vmware | 3 Horizon View Client, Player, Workstation | 2024-11-21 | N/A |
| vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread. | ||||