Vulnerabilities > VMware

DATE CVE VULNERABILITY TITLE RISK
2020-08-07 CVE-2020-5412 Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMware Spring Cloud Netflix
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard.
network
low complexity
vmware CWE-610
6.5
2020-07-31 CVE-2020-5414 Information Exposure Through Log Files vulnerability in VMware products
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password.
network
low complexity
vmware CWE-532
5.7
2020-07-31 CVE-2020-5413 Deserialization of Untrusted Data vulnerability in multiple products
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization.
network
low complexity
vmware oracle CWE-502
critical
9.8
2020-07-31 CVE-2020-5396 Missing Authorization vulnerability in VMware GemFire and Tanzu GemFire for Virtual Machines
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, expose a JMX service that has an insecure default configuration.
network
low complexity
vmware CWE-862
8.8
2020-07-31 CVE-2019-11286 Deserialization of Untrusted Data vulnerability in VMware GemFire and Tanzu GemFire for Virtual Machines
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input.
network
low complexity
vmware CWE-502
critical
9.1
2020-07-30 CVE-2020-10713 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in grub2, prior to version 2.06.
local
low complexity
gnu debian opensuse vmware CWE-120
8.2
2020-07-10 CVE-2020-3974 Unspecified vulnerability in VMware Fusion, Horizon Client and Remote Console
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation.
local
low complexity
vmware
7.8
2020-07-08 CVE-2020-3973 SQL Injection vulnerability in VMware VeloCloud Orchestrator
The VeloCloud Orchestrator does not apply correct input validation, which allows for blind SQL injection.
network
low complexity
vmware CWE-89
8.8
2020-06-25 CVE-2020-3971 Out-of-bounds Write vulnerability in VMware products
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter.
local
low complexity
vmware CWE-787
5.5
2020-06-25 CVE-2020-3970 Out-of-bounds Read vulnerability in VMware products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality.
local
low complexity
vmware CWE-125
3.8