Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-3990 | Integer Overflow or Wraparound vulnerability in VMWare Horizon Client, Workstation Player and Workstation PRO VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. | 6.5 |
| 2020-09-16 | CVE-2020-3988 | Out-of-bounds Read vulnerability in VMWare Horizon Client, Workstation Player and Workstation PRO VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). | 6.1 |
| 2020-09-16 | CVE-2020-3987 | Out-of-bounds Read vulnerability in VMWare Horizon Client, Workstation Player and Workstation PRO VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). | 6.1 |
| 2020-09-16 | CVE-2020-3986 | Out-of-bounds Read vulnerability in VMWare Horizon Client, Workstation Player and Workstation PRO VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). | 6.1 |
| 2020-09-16 | CVE-2020-3980 | Unspecified vulnerability in VMWare Fusion VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. | 6.7 |
| 2020-08-21 | CVE-2020-3975 | Cross-site Scripting vulnerability in VMWare APP Volumes VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2020-08-21 | CVE-2020-3976 | Resource Exhaustion vulnerability in VMWare Esxi and Vcenter Server VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. | 5.3 |
| 2020-08-07 | CVE-2020-5412 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMWare Spring Cloud Netflix Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. | 6.5 |
| 2020-07-31 | CVE-2020-5414 | Information Exposure Through Log Files vulnerability in VMWare products VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. | 5.7 |
| 2020-06-25 | CVE-2020-3971 | Out-of-bounds Write vulnerability in VMWare products VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. | 5.5 |