Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-20 | CVE-2020-4005 | Unspecified vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. | 7.8 |
| 2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMWare products VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. | 8.2 |
| 2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu 1.12.0/1.13.0 Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 7.9 |
| 2020-10-20 | CVE-2020-3994 | Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. | 7.4 |
| 2020-10-20 | CVE-2020-3982 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. | 7.7 |
| 2020-10-16 | CVE-2020-3991 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. | 7.1 |
| 2020-07-31 | CVE-2020-5396 | Missing Authorization vulnerability in VMWare Gemfire and Tanzu Gemfire for Virtual Machines VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. | 8.8 |
| 2020-07-30 | CVE-2020-10713 | Classic Buffer Overflow vulnerability in multiple products A flaw was found in grub2, prior to version 2.06. | 8.2 |
| 2020-07-10 | CVE-2020-3974 | Unspecified vulnerability in VMWare Fusion, Horizon Client and Remote Console VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. | 7.8 |
| 2020-07-08 | CVE-2020-3973 | SQL Injection vulnerability in VMWare Velocloud Orchestrator The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. | 8.8 |