Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware horizon vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2017-4897
VMware Horizon DaaS prior to 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation...
Vmware Horizon Daas
8.8
CVSSv3
CVE-2018-6960
VMware Horizon DaaS (7.x prior to 8.0.0) contains a broken authentication vulnerability that may allow an malicious user to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
Vmware Horizon Daas
7.8
CVSSv3
CVE-2018-6964
VMware Horizon Client for Linux (4.x prior to 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine wher...
Vmware Horizon Client
7.8
CVSSv3
CVE-2020-3961
VMware Horizon Client for Windows (before 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.
Vmware Horizon Client
7.1
CVSSv3
CVE-2020-3991
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an malicious user to overwrite certain admin privileged files through a...
Vmware Horizon Client
6.5
CVSSv3
CVE-2020-3998
VMware Horizon Client for Windows (5.x before 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.
Vmware Horizon Client
7.8
CVSSv3
CVE-2018-6971
VMware Horizon View Agents (7.x.x prior to 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installat...
Vmware Horizon View Agents
8.8
CVSSv3
CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
Vmware Workstation
Vmware Horizon
Vmware Remote Console
Vmware Fusion
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7
7.8
CVSSv3
CVE-2017-4946
The VMware V4H and V4PA desktop agents (6.x prior to 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
Vmware Vrealize Operations For Published Applications
Vmware Vrealize Operations For Horizon
NA
CVE-2015-3650
vmware-vmx.exe in VMware Workstation 7.x up to and including 10.x prior to 10.0.7 and 11.x prior to 11.1.1, VMware Player 5.x and 6.x prior to 6.0.7 and 7.x prior to 7.1.1, and VMware Horizon Client 5.x local-mode prior to 5.4.2 on Windows does not provide a valid DACL pointer du...
Vmware Player 6.0
Vmware Player 7.1
Vmware Player 5.0.2
Vmware Player 5.0.3
Vmware Player 5.0.1
Vmware Player 6.0.6
Vmware Player 5.0.4
Vmware Player 5.0
Vmware Player 6.0.4
Vmware Player 7.0
Vmware Player 6.0.2
Vmware Player 6.0.3
Vmware Player 6.0.5
Vmware Player 6.0.1
Vmware Workstation 10.0.4
Vmware Workstation 10.0.3
Vmware Workstation 10.0
Vmware Workstation 10.0.2
Vmware Workstation 10.0.6
Vmware Workstation 11.0
Vmware Workstation 10.0.1
Vmware Workstation 10.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »