CVSS: 5.8EPSS: 2%CPEs: 13EXPL: 0CVE-2016-7087 – VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-7087
07 Oct 2016 — Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados. ... • http://www.securityfocus.com/bid/93455 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2015-3650 – VMware Security Advisory 2015-0005
https://notcve.org/view.php?id=CVE-2015-3650
10 Jul 2015 — vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread. Vmware-vmx.exe en VMware Workstation 7.x hasta 10.x anterior a 10.0.7 y 11.xanterior a 11.1.1, VMware Player 5.x y 6.x anterior a ... • http://www.securitytracker.com/id/1032822 • CWE-284: Improper Access Control •