Vulnerabilities > Vmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-21986 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. | 10.0 |
| 2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. | 10.0 |
| 2021-03-03 | CVE-2021-21978 | Missing Authorization vulnerability in VMWare View Planner 4.6 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. | 9.8 |
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |
| 2020-10-20 | CVE-2020-3992 | Use After Free vulnerability in VMWare Esxi 6.5/6.7 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. | 10.0 |
| 2020-01-02 | CVE-2016-1000027 | Deserialization of Untrusted Data vulnerability in VMWare Spring Framework Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. | 9.8 |
| 2019-12-06 | CVE-2019-5544 | Out-of-bounds Write vulnerability in multiple products OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. | 9.8 |
| 2019-05-15 | CVE-2019-5526 | Uncontrolled Search Path Element vulnerability in VMWare Workstation VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. | 9.3 |
| 2019-04-02 | CVE-2019-5515 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. | 9.0 |