Filtered by vendor Vmware
Subscriptions
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-3972 | 2 Apple, Vmware | 2 Macos, Tools | 2024-08-04 | 3.3 Low |
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | ||||
CVE-2020-3975 | 1 Vmware | 1 App Volumes | 2024-08-04 | 5.4 Medium |
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing. | ||||
CVE-2020-3963 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-08-04 | 5.5 Medium |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. | ||||
CVE-2020-3987 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2024-08-04 | 6.1 Medium |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | ||||
CVE-2020-3955 | 1 Vmware | 1 Esxi | 2024-08-04 | 9.3 Critical |
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. | ||||
CVE-2020-3981 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-08-04 | 5.8 Medium |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | ||||
CVE-2020-3986 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2024-08-04 | 6.1 Medium |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | ||||
CVE-2020-3956 | 2 Linux, Vmware | 3 Linux Kernel, Photon Os, Vcloud Director | 2024-08-04 | 8.8 High |
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. | ||||
CVE-2020-4006 | 3 Linux, Microsoft, Vmware | 7 Linux Kernel, Windows, Cloud Foundation and 4 more | 2024-08-04 | 9.1 Critical |
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | ||||
CVE-2020-3940 | 1 Vmware | 9 Workspace One Boxer, Workspace One Content, Workspace One Intelligent Hub and 6 more | 2024-08-04 | 5.9 Medium |
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | ||||
CVE-2020-3966 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-08-04 | 7.5 High |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | ||||
CVE-2020-3959 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2024-08-04 | 3.3 Low |
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | ||||
CVE-2020-3941 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-08-04 | 7.0 High |
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. | ||||
CVE-2020-3943 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2024-08-04 | 9.8 Critical |
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. | ||||
CVE-2020-3976 | 1 Vmware | 3 Cloud Foundation, Esxi, Vcenter Server | 2024-08-04 | 5.3 Medium |
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | ||||
CVE-2020-3990 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2024-08-04 | 6.5 Medium |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | ||||
CVE-2020-3996 | 1 Vmware | 1 Velero | 2024-08-04 | 5.5 Medium |
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | ||||
CVE-2020-3944 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2024-08-04 | 8.6 High |
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. | ||||
CVE-2020-3960 | 1 Vmware | 3 Fusion, Vsphere Esxi, Workstation | 2024-08-04 | 8.4 High |
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. | ||||
CVE-2020-3997 | 1 Vmware | 1 Horizon | 2024-08-04 | 5.4 Medium |
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. |