Filtered by vendor Vmware
Subscribe
Total
922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5541 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2019-11-25 | 6.5 MEDIUM | 9.1 CRITICAL |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM. | |||||
| CVE-2018-6980 | 1 Vmware | 1 Vrealize Log Insight | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | |||||
| CVE-2018-5511 | 3 F5, Microsoft, Vmware | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | |||||
| CVE-2018-6957 | 1 Vmware | 3 Fusion, Workstation Player, Workstation Pro | 2019-10-03 | 3.5 LOW | 5.3 MEDIUM |
| VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. | |||||
| CVE-2018-11066 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. | |||||
| CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | |||||
| CVE-2017-4932 | 2 Google, Vmware | 2 Android, Airwatch Launcher | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege. | |||||
| CVE-2017-4946 | 1 Vmware | 2 Vrealize Operations For Horizon, Vrealize Operations For Published Applications | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM. | |||||
| CVE-2017-4895 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. | |||||
| CVE-2017-4915 | 2 Linux, Vmware | 3 Linux Kernel, Workstation Player, Workstation Pro | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. | |||||
| CVE-2018-6962 | 1 Vmware | 1 Fusion | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | |||||
| CVE-2017-4896 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2019-10-03 | 2.1 LOW | 3.8 LOW |
| Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. | |||||
| CVE-2018-6964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon Client | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. | |||||
| CVE-2017-4919 | 1 Vmware | 1 Vcenter Server | 2019-10-03 | 6.8 MEDIUM | 9.0 CRITICAL |
| VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. | |||||
| CVE-2017-4917 | 1 Vmware | 1 Vsphere Data Protection | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | |||||
| CVE-2017-4898 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2019-10-03 | 6.9 MEDIUM | 8.8 HIGH |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. | |||||
| CVE-2017-4921 | 1 Vmware | 1 Vcenter Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation. | |||||
| CVE-2018-6977 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2019-10-03 | 4.9 MEDIUM | 6.5 MEDIUM |
| VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. | |||||
| CVE-2018-6978 | 1 Vmware | 1 Vrealize Operations | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. | |||||
| CVE-2018-6968 | 1 Vmware | 1 Airwatch Agent | 2019-10-03 | 7.5 HIGH | 10.0 CRITICAL |
| The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. | |||||