Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Total 896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7461 2 Microsoft, Vmware 5 Windows, Fusion, Fusion Pro and 2 more 2024-11-21 7.2 HIGH 8.8 HIGH
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
CVE-2016-7460 1 Vmware 1 Vrealize Automation 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7459 1 Vmware 1 Vcenter Server 2024-11-21 4.0 MEDIUM 7.7 HIGH
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7458 1 Vmware 1 Vsphere Client 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-7457 1 Vmware 1 Vrealize Operations 2024-11-21 8.0 HIGH 10.0 CRITICAL
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
CVE-2016-7456 1 Vmware 1 Vsphere Data Protection 2024-11-21 10.0 HIGH 9.8 CRITICAL
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
CVE-2016-7087 2 Microsoft, Vmware 2 Windows, Horizon View 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-7086 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 7.2 HIGH 7.8 HIGH
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
CVE-2016-7085 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 7.2 HIGH 7.8 HIGH
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-7084 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 6.9 MEDIUM 7.8 HIGH
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
CVE-2016-7083 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 5.9 MEDIUM 7.8 HIGH
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
CVE-2016-7082 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 5.9 MEDIUM 7.8 HIGH
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
CVE-2016-7081 2 Microsoft, Vmware 3 Windows, Workstation Player, Workstation Pro 2024-11-21 6.9 MEDIUM 7.8 HIGH
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVE-2016-7080 2 Apple, Vmware 2 Mac Os X, Tools 2024-11-21 4.6 MEDIUM 7.8 HIGH
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
CVE-2016-7079 2 Apple, Vmware 2 Mac Os X, Tools 2024-11-21 4.6 MEDIUM 7.8 HIGH
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
CVE-2016-5336 1 Vmware 1 Vrealize Automation 2024-11-21 7.5 HIGH 9.8 CRITICAL
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-5335 1 Vmware 2 Identity Manager, Vrealize Automation 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
CVE-2016-5334 1 Vmware 2 Identity Manager, Vrealize Automation 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
CVE-2016-5333 1 Vmware 1 Photon Os 2024-11-21 9.3 HIGH 9.8 CRITICAL
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVE-2016-5332 1 Vmware 1 Vrealize Log Insight 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.