Vulnerabilities > VMware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMware products. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. | 9.1 |
2020-11-20 | CVE-2020-4005 | Unspecified vulnerability in VMware Cloud Foundation and ESXi. VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. | 7.8 |
2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMware products. VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. | 8.2 |
2020-11-11 | CVE-2020-5426 | Cleartext Transmission of Sensitive Information vulnerability in VMware Pivotal Scheduler. Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. | 9.8 |
2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMware Single Sign-On for Tanzu 1.12.0/1.13.0. Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 7.9 |
2020-10-23 | CVE-2020-3998 | Unspecified vulnerability in VMware Horizon Client. VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. | 6.5 |
2020-10-23 | CVE-2020-3997 | Cross-site Scripting vulnerability in VMware Horizon. VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. | 5.4 |
2020-10-22 | CVE-2020-3996 | Unspecified vulnerability in VMware Velero. Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | 5.5 |
2020-10-20 | CVE-2020-3995 | Memory Leak vulnerability in VMware products. In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. | 5.3 |
2020-10-20 | CVE-2020-3994 | Improper Certificate Validation vulnerability in VMware Cloud Foundation and vCenter Server. VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. | 7.4 |