Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-23 | CVE-2020-3997 | Cross-site Scripting vulnerability in VMWare Horizon VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. | 5.4 |
| 2020-10-22 | CVE-2020-3996 | Unspecified vulnerability in VMWare Velero Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | 5.5 |
| 2020-10-20 | CVE-2020-3995 | Memory Leak vulnerability in VMWare products In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. | 5.3 |
| 2020-10-20 | CVE-2020-3994 | Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. | 7.4 |
| 2020-10-20 | CVE-2020-3993 | Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. | 5.9 |
| 2020-10-20 | CVE-2020-3992 | Use After Free vulnerability in VMWare Esxi 6.5/6.7 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. | 9.8 |
| 2020-10-20 | CVE-2020-3982 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. | 7.7 |
| 2020-10-20 | CVE-2020-3981 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. | 5.8 |
| 2020-10-16 | CVE-2020-3991 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. | 7.1 |
| 2020-09-22 | CVE-2020-3977 | Missing Authentication for Critical Function vulnerability in VMWare Horizon Daas 7.0.0/8.0.0/8.0.1 VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. | 6.5 |