Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-21 | CVE-2020-3999 | Null Pointer Dereference vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. | 2.1 |
| 2020-12-16 | CVE-2020-4008 | Unspecified vulnerability in VMWare Carbon Black Cloud The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. | 3.6 |
| 2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 4.0 |
| 2020-11-24 | CVE-2020-4002 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 6.5 |
| 2020-11-24 | CVE-2020-4001 | USE of Hard-Coded Credentials vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. | 7.5 |
| 2020-11-24 | CVE-2020-4000 | Path Traversal vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. | 6.5 |
| 2020-11-24 | CVE-2020-3985 | Improper Privilege Management vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. | 6.5 |
| 2020-11-24 | CVE-2020-3984 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. | 4.0 |
| 2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |
| 2020-11-20 | CVE-2020-4005 | Improper Privilege Management vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. | 7.2 |