Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
vmware CWE-287
6.8
2021-07-13 CVE-2021-21995 Out-Of-Bounds Read vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.
network
low complexity
vmware CWE-125
5.0
2021-07-13 CVE-2021-22000 Improper Privilege Management vulnerability in VMWare Thinapp
VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs.
local
vmware CWE-269
6.9
2021-06-29 CVE-2021-22119 Incorrect Authorization vulnerability in VMWare Spring Security
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application.
network
low complexity
vmware CWE-863
5.0
2021-06-28 CVE-2021-32719 Cross-Site Scripting vulnerability in VMWare Rabbitmq
RabbitMQ is a multi-protocol messaging broker.
network
vmware CWE-79
3.5
2021-06-28 CVE-2021-32718 Cross-Site Scripting vulnerability in VMWare Rabbitmq
RabbitMQ is a multi-protocol messaging broker.
network
vmware CWE-79
3.5
2021-06-23 CVE-2021-21998 Improper Authentication vulnerability in VMWare Carbon Black APP Control
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass.
network
low complexity
vmware CWE-287
7.5
2021-06-23 CVE-2021-21999 Improper Input Validation vulnerability in VMWare APP Volumes, Remote Console and Tools
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability.
local
low complexity
vmware CWE-20
7.2
2021-06-18 CVE-2021-21997 Unspecified vulnerability in VMWare Tools
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver.
local
low complexity
vmware
4.9
2021-06-08 CVE-2021-22116 Improper Input Validation vulnerability in VMWare Rabbitmq
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint.
network
vmware CWE-20
4.3