Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2020-07-31 CVE-2019-11286 Deserialization of Untrusted Data vulnerability in VMWare Gemfire and Tanzu Gemfire for Virtual Machines
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input.
network
low complexity
vmware CWE-502
critical
 9.1
9.1
2020-07-30 CVE-2020-10713 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in grub2, prior to version 2.06.
local
low complexity
gnu debian opensuse vmware CWE-120
8.2
8.2
2020-07-10 CVE-2020-3974 Unspecified vulnerability in VMWare Fusion, Horizon Client and Remote Console
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation.
local
low complexity
vmware
7.8
7.8
2020-07-08 CVE-2020-3973 SQL Injection vulnerability in VMWare Velocloud Orchestrator
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection.
network
low complexity
vmware CWE-89
8.8
8.8
2020-06-25 CVE-2020-3971 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter.
local
low complexity
vmware CWE-787
5.5
5.5
2020-06-25 CVE-2020-3970 Out-of-bounds Read vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality.
local
low complexity
vmware CWE-125
3.8
3.8
2020-06-25 CVE-2020-3968 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI).
local
low complexity
vmware CWE-787
8.2
8.2
2020-06-25 CVE-2020-3967 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI).
local
high complexity
vmware CWE-787
7.5
7.5
2020-06-25 CVE-2020-3966 Race Condition vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI).
local
high complexity
vmware CWE-362
7.5
7.5
2020-06-25 CVE-2020-3965 Out-of-bounds Read vulnerability in VMWare products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller.
local
low complexity
vmware CWE-125
5.5
5.5