CVE-2016-7456 (vsphere_data_protection)
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
[월:] 2016년 12월
CVE-2016-7086 (workstation_player, workstation_pro)
CVE-2016-7086 (workstation_player, workstation_pro)
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
CVE-2016-7085 (workstation_player, workstation_pro)
CVE-2016-7085 (workstation_player, workstation_pro)
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-7084 (workstation_player, workstation_pro)
CVE-2016-7084 (workstation_player, workstation_pro)
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
CVE-2016-7080 (tools)
CVE-2016-7080 (tools)
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
Source: CVE-2016-7080 (tools)
CVE-2016-7079 (tools)
CVE-2016-7079 (tools)
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
Source: CVE-2016-7079 (tools)
CVE-2016-7081 (workstation_player, workstation_pro)
CVE-2016-7081 (workstation_player, workstation_pro)
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVE-2016-7461 (fusion, fusion_pro, workstation_player, workstation_pro)
CVE-2016-7461 (fusion, fusion_pro, workstation_player, workstation_pro)
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Source: CVE-2016-7461 (fusion, fusion_pro, workstation_player, workstation_pro)
CVE-2016-5328 (tools)
CVE-2016-5328 (tools)
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
Source: CVE-2016-5328 (tools)
CVE-2016-7459
CVE-2016-7459
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Source: CVE-2016-7459