Filtered by vendor Vmware
Subscribe
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3991 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. | |||||
| CVE-2021-21976 | 1 Vmware | 1 Vsphere Replication | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. | |||||
| CVE-2021-21972 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2021-1060 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-4001 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. | |||||
| CVE-2020-4006 | 3 Linux, Microsoft, Vmware | 7 Linux Kernel, Windows, Cloud Foundation and 4 more | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
| VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | |||||
| CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2024-02-28 | 6.5 MEDIUM | 6.0 MEDIUM |
| In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | |||||
| CVE-2020-4002 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system. | |||||
| CVE-2020-3977 | 1 Vmware | 1 Horizon Daas | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | |||||
| CVE-2020-4005 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) | |||||
| CVE-2020-4000 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files. | |||||
| CVE-2020-3986 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
| VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2020-3958 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2020-3952 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | |||||
| CVE-2020-3974 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. | |||||
| CVE-2020-3976 | 1 Vmware | 3 Cloud Foundation, Esxi, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||||
| CVE-2020-3964 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. | |||||
| CVE-2020-3953 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | |||||
| CVE-2020-3963 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. | |||||
| CVE-2020-3947 | 1 Vmware | 2 Fusion, Workstation | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | |||||