DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-3980 Unspecified vulnerability in VMware Fusion
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path.
local
high complexity
vmware
6.7
2020-08-31 CVE-2020-5419 Uncontrolled Search Path Element vulnerability in multiple products
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution.
local
low complexity
pivotal-software vmware CWE-427
6.7
2020-08-21 CVE-2020-3975 Cross-site Scripting vulnerability in VMware App Volumes
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
vmware CWE-79
5.4
2020-08-21 CVE-2020-3976 Resource Exhaustion vulnerability in VMware ESXi and vCenter Server
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services.
network
low complexity
vmware CWE-400
5.3
2020-08-07 CVE-2020-5412 Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMware Spring Cloud Netflix
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard.
network
low complexity
vmware CWE-610
6.5
2020-07-31 CVE-2020-5414 Information Exposure Through Log Files vulnerability in VMware products
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password.
network
low complexity
vmware CWE-532
5.7
2020-06-25 CVE-2020-3971 Out-of-bounds Write vulnerability in VMware products
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter.
local
low complexity
vmware CWE-787
5.5
2020-06-25 CVE-2020-3965 Out-of-bounds Read vulnerability in VMware products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller.
local
low complexity
vmware CWE-125
5.5
2020-06-25 CVE-2020-3964 Use of Uninitialized Resource vulnerability in VMware products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller.
local
high complexity
vmware CWE-908
4.7
2020-06-25 CVE-2020-3963 Use After Free vulnerability in VMware products
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM.
local
low complexity
vmware CWE-416
5.5