Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2020-3951 | Out-of-bounds Write vulnerability in VMWare Horizon Client and Workstation VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. | 3.8 |
| 2020-03-17 | CVE-2020-3950 | Improper Privilege Management vulnerability in VMWare Fusion, Horizon Client and Remote Console VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. | 7.8 |
| 2020-03-16 | CVE-2020-3948 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Fusion and Workstation Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. | 7.8 |
| 2020-03-16 | CVE-2020-3947 | Use After Free vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. | 8.8 |
| 2020-03-16 | CVE-2019-5543 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. | 7.8 |
| 2020-03-05 | CVE-2020-5405 | Path Traversal vulnerability in VMWare Spring Cloud Config Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |
| 2020-02-19 | CVE-2020-3945 | Unspecified vulnerability in VMWare Vrealize Operations 6.6.0/6.7.0 vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. | 7.5 |
| 2020-02-19 | CVE-2020-3944 | Improper Authentication vulnerability in VMWare Vrealize Operations 6.6.0/6.7.0 vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. | 8.6 |
| 2020-02-19 | CVE-2020-3943 | Unspecified vulnerability in VMWare Vrealize Operations 6.6.0/6.7.0 vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. | 9.8 |
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |