Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-3961 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. | 7.8 |
| 2020-06-02 | CVE-2020-5410 | Path Traversal vulnerability in VMWare Spring Cloud Config Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 7.5 |
| 2020-05-29 | CVE-2020-3957 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Fusion, Horizon Client and Remote Console VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. | 7.0 |
| 2020-05-20 | CVE-2020-3956 | Expression Language Injection vulnerability in VMWare Vcloud Director VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. | 8.8 |
| 2020-04-20 | CVE-2020-3946 | XML Entity Expansion vulnerability in VMWare Installbuilder InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). | 7.5 |
| 2020-03-17 | CVE-2020-3950 | Improper Privilege Management vulnerability in VMWare Fusion, Horizon Client and Remote Console VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. | 7.8 |
| 2020-03-16 | CVE-2020-3948 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Fusion and Workstation Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. | 7.8 |
| 2020-03-16 | CVE-2020-3947 | Use After Free vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. | 8.8 |
| 2020-03-16 | CVE-2019-5543 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. | 7.8 |
| 2020-02-19 | CVE-2020-3945 | Unspecified vulnerability in VMWare Vrealize Operations 6.6.0/6.7.0 vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. | 7.5 |