Skip to main content
CVE-2016-7456 CRITICAL POC THREAT Emergency

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

VMware Authentication Bypass Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
82.1%
Threat
5.9
CVE-2016-10081 HIGH POC This Week

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shutter
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.9%
CVE-2016-7084 HIGH POC This Week

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to. Rated high severity (CVSS 7.8). Public exploit code available and no vendor patch available.

VMware Denial Of Service Buffer Overflow Microsoft RCE +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-7083 HIGH POC This Week

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary. Rated high severity (CVSS 7.8). Public exploit code available and no vendor patch available.

VMware Denial Of Service Buffer Overflow Microsoft RCE +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7457 CRITICAL Act Now

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vrealize Operations
NVD
CVSS 3.0
10.0
EPSS
1.5%
CVE-2016-9877 CRITICAL Act Now

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rabbitmq Server Rabbitmq
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-7460 CRITICAL Act Now

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE VMware Vrealize Automation
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2016-7462 HIGH This Week

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Privilege Escalation VMware Vrealize Operations
NVD
CVSS 3.0
8.5
EPSS
1.7%
CVE-2016-7461 HIGH This Week

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow VMware Fusion +3
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9878 HIGH PATCH This Week

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Framework
NVD
CVSS 3.0
7.5
EPSS
4.9%
CVE-2015-0854 HIGH PATCH This Week

App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Shutter
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-7081 HIGH This Week

Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled,. Rated high severity (CVSS 7.8). No vendor patch available.

RCE Buffer Overflow VMware Microsoft Workstation Player +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-7085 HIGH This Week

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Microsoft Workstation Player Workstation Pro
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7080 HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7079 HIGH This Week

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference VMware Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7082 HIGH This Week

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary. Rated high severity (CVSS 7.8). No vendor patch available.

VMware Denial Of Service Buffer Overflow Microsoft RCE +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2246 HIGH PATCH This Week

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

HP Privilege Escalation Thinpro
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7459 HIGH PATCH This Week

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE VMware Vcenter Server
NVD
CVSS 3.0
7.7
EPSS
0.5%
CVE-2016-7086 HIGH This Week

The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft Workstation Player Workstation Pro
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-8743 HIGH PATCH This Week

QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2016-9845 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9846 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9916 MEDIUM PATCH This Month

Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9915 MEDIUM PATCH This Month

Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9914 MEDIUM PATCH This Month

Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9913 MEDIUM PATCH This Month

Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-8701 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-7458 MEDIUM This Month

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE VMware Vsphere Client
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2016-7087 MEDIUM PATCH This Month

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal VMware Horizon View
NVD
CVSS 3.0
5.3
EPSS
2.9%
CVE-2016-2197 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-2198 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-8818 MEDIUM This Month

The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-8817 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1922 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Microsoft Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-8745 MEDIUM This Month

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-8744 MEDIUM This Month

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-9776 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-1981 MEDIUM PATCH This Month

QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-5329 MEDIUM This Month

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-5328 MEDIUM This Month

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Tools
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-9891 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Dotclear
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-7463 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS VMware ESXi
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5334 MEDIUM PATCH This Month

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy