CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7457
https://notcve.org/view.php?id=CVE-2016-7457
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. VMware vRealize Operations (también conocido como vROps) 6.x en versiones anteriores a 6.4.0 permite a usuarios remotos autenticados obtener privilegios o detener y eliminar máquinas virtuales, a través de vectores no especificados. • http://www.securityfocus.com/bid/93499 http://www.securitytracker.com/id/1036999 http://www.vmware.com/security/advisories/VMSA-2016-0016.html https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 15%CPEs: 13EXPL: 0CVE-2016-7087 – VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-7087
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Horizon View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loggerBean service. The loadConfig method does not properly sanitize the path supplied. • http://www.securityfocus.com/bid/93455 http://www.securitytracker.com/id/1036972 http://www.vmware.com/security/advisories/VMSA-2016-0015.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-7084 – VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions
https://notcve.org/view.php?id=CVE-2016-7084
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image. tpview.dll en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilitada, permite a usuarios invitados del SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (corrupción de memoria del SO anfitrión) a través de una imagen JPEG 2000. VMWare Workstation vprintproxy.exe suffers from multiple memory corruption and other crashes in the handling of JPEG2000 images. • https://www.exploit-db.com/exploits/40399 http://www.securityfocus.com/bid/92934 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-7082
https://notcve.org/view.php?id=CVE-2016-7082
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file. VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilitada, permiten a usuarios invitados del SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (corrupción de memoria del SO anfitrión) a través de un archivo EMF. • http://www.securityfocus.com/bid/92934 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-7083 – VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2016-7083
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL. VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilitada, permiten a usuarios invitados del SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (corrupción de memoria del SO anfitrión) a través de fuentes TrueType embebidas en EMFSPOOL. VMWare Workstation vprintproxy.exe suffers from a heap buffer overflow vulnerability in the handling of TrueType NAME tables. • https://www.exploit-db.com/exploits/40398 http://www.securityfocus.com/bid/92934 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •