Vulnerabilities > Vmware > Cloud Foundation > 3.0.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-11-20 CVE-2020-4005 Improper Privilege Management vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.
local
low complexity
vmware CWE-269
7.2
2020-11-20 CVE-2020-4004 USE After Free vulnerability in VMWare products
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
4.6
2020-10-20 CVE-2020-3995 Memory Leak vulnerability in VMWare products
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability.
network
vmware CWE-401
3.5
2020-10-20 CVE-2020-3994 Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation.
network
vmware CWE-295
5.8
2020-10-20 CVE-2020-3993 Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager.
network
vmware
4.3
2020-10-20 CVE-2020-3992 USE After Free vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue.
network
low complexity
vmware CWE-416
critical
10.0
2020-10-20 CVE-2020-3982 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device.
network
vmware CWE-367
4.9
2020-10-20 CVE-2020-3981 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device.
network
vmware CWE-367
3.5
2020-08-21 CVE-2020-3976 Improper Authentication vulnerability in VMWare Cloud Foundation, Esxi and Vcenter Server
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services.
network
low complexity
vmware CWE-287
5.0
2020-06-25 CVE-2020-3971 Out-Of-Bounds Write vulnerability in VMWare products
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter.
local
low complexity
vmware CWE-787
2.1