Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-3999 Null Pointer Dereference vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo.
local
low complexity
vmware CWE-476
2.1
2020-12-16 CVE-2020-4008 Unspecified vulnerability in VMWare Carbon Black Cloud
The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way.
local
low complexity
vmware
3.6
2020-11-24 CVE-2020-4003 SQL Injection vulnerability in VMWare Sd-Wan Orchestrator
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure.
network
low complexity
vmware CWE-89
4.0
2020-11-24 CVE-2020-4002 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Sd-Wan Orchestrator
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way.
network
low complexity
vmware CWE-732
6.5
2020-11-24 CVE-2020-4001 USE of Hard-Coded Credentials vulnerability in VMWare Sd-Wan Orchestrator
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack.
network
low complexity
vmware CWE-798
7.5
2020-11-24 CVE-2020-4000 Path Traversal vulnerability in VMWare Sd-Wan Orchestrator
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal.
network
low complexity
vmware CWE-22
6.5
2020-11-24 CVE-2020-3985 Improper Privilege Management vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue.
network
low complexity
vmware CWE-269
6.5
2020-11-24 CVE-2020-3984 SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection.
network
low complexity
vmware CWE-89
4.0
2020-11-23 CVE-2020-4006 Command Injection vulnerability in VMWare products
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
network
low complexity
vmware CWE-77
critical
9.0
2020-11-20 CVE-2020-4005 Improper Privilege Management vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.
local
low complexity
vmware CWE-269
7.2