Filtered by vendor Vmware
Subscriptions
Total
956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2025-04-12 | N/A |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | ||||
| CVE-2016-2081 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-12 | N/A |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2016-7079 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2025-04-12 | N/A |
| The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080. | ||||
| CVE-2015-6934 | 1 Vmware | 2 Vcenter Orchestrator, Vrealize Orchestrator | 2025-04-12 | N/A |
| Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2014-4241 | 2 Oracle, Vmware | 4 Fusion Middleware, Esxi, Vcenter Server and 1 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. | ||||
| CVE-2015-6931 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2016-7457 | 1 Vmware | 1 Vrealize Operations | 2025-04-12 | N/A |
| VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. | ||||
| CVE-2015-2342 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | N/A |
| The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. | ||||
| CVE-2015-6932 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | N/A |
| VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-2341 | 1 Vmware | 3 Fusion, Player, Workstation | 2025-04-12 | N/A |
| VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command. | ||||
| CVE-2016-7459 | 1 Vmware | 1 Vcenter Server | 2025-04-12 | N/A |
| VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2015-2339 | 2 Microsoft, Vmware | 6 Windows, Fusion, Horizon Client and 3 more | 2025-04-12 | N/A |
| TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338. | ||||
| CVE-2016-7085 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2025-04-12 | N/A |
| Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2015-1044 | 1 Vmware | 3 Esxi, Player, Workstation | 2025-04-12 | N/A |
| vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. | ||||
| CVE-2015-0201 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-12 | N/A |
| The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | ||||
| CVE-2014-8373 | 1 Vmware | 1 Vcloud Automation Center | 2025-04-12 | N/A |
| The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function. | ||||
| CVE-2014-8372 | 1 Vmware | 1 Airwatch | 2025-04-12 | N/A |
| AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | ||||
| CVE-2014-8371 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-12 | N/A |
| VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | ||||