VYPR
Vendor

VMware

VMware LLC is an American cloud computing and virtualization technology company headquartered in Palo Alto, California, U.S. On November 22, 2023, Broadcom acquired VMware in a cash-and-stock transaction valued at $69 billion, with the End-User Computing division of VMware then sold to KKR and rebranded to Omnissa. VMware was the first commercially successful company to virtualize the x86 architecture.

Founded 1998
Products
187
CVEs
967
Across products
1,397
Status
Private

Products

187
View all 187 products →

Recent CVEs

967
View all 967 CVEs →
  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2018-6961HigKEVJun 11, 2018
    risk 0.75cvss 8.1epss 0.86

    VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the…

  • CVE-2010-1205CriJun 30, 2010
    risk 0.70cvss 9.8epss 0.43

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

  • CVE-2017-4901CriJun 8, 2017
    risk 0.69cvss 9.9epss 0.20

    The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

  • CVE-2016-7456CriDec 29, 2016
    risk 0.69cvss 9.8epss 0.33

    VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

  • CVE-2010-0211CriJul 28, 2010
    risk 0.69cvss 9.8epss 0.29

    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN…

  • CVE-2017-4914CriJun 7, 2017
    risk 0.67cvss 9.8epss 0.09

    VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

  • CVE-2010-3904HigKEVDec 6, 2010
    risk 0.67cvss 7.8epss 0.11

    The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the…

  • CVE-2018-6968CriJun 11, 2018
    risk 0.65cvss 10.0epss 0.05

    The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the…

  • CVE-2016-7457CriDec 29, 2016
    risk 0.65cvss 10.0epss 0.03

    VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

  • CVE-2012-1516CriMay 4, 2012
    risk 0.65cvss 9.9epss 0.03

    The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving…

  • CVE-2018-6959CriApr 13, 2018
    risk 0.64cvss 9.8epss 0.02

    VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

  • CVE-2017-4947CriJan 29, 2018
    risk 0.64cvss 9.8epss 0.09

    VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

  • CVE-2017-4923CriAug 1, 2017
    risk 0.64cvss 9.8epss 0.02

    VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

  • CVE-2017-4918CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.05

    VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client…

  • CVE-2017-4907CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.04

    VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

  • CVE-2017-4917CriJun 7, 2017
    risk 0.64cvss 9.8epss 0.01

    VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

  • CVE-2017-6821CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-6813CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.03

    A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.