CVE-2016-7087 (horizon_view)

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.

Source: CVE-2016-7087 (horizon_view)

CVE-2016-7460 (vrealize_automation)

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Source: CVE-2016-7460 (vrealize_automation)

CVE-2016-7458 (vsphere_client)

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Source: CVE-2016-7458 (vsphere_client)

CVE-2016-7462 (vrealize_operations)

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

Source: CVE-2016-7462 (vrealize_operations)

CVE-2016-7082 (workstation_player, workstation_pro)

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.

Source: CVE-2016-7082 (workstation_player, workstation_pro)

CVE-2016-7083 (workstation_player, workstation_pro)

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

Source: CVE-2016-7083 (workstation_player, workstation_pro)

CVE-2016-5329 (fusion)

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

Source: CVE-2016-5329 (fusion)

CVE-2016-2246 (thinpro)

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.

Source: CVE-2016-2246 (thinpro)

CVE-2016-5334 (identity_manger, vrealize_automation)

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Source: CVE-2016-5334 (identity_manger, vrealize_automation)

CVE-2016-7457 (vrealize_operations)

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

Source: CVE-2016-7457 (vrealize_operations)