Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-29 | CVE-2020-3958 | Reachable Assertion vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. | 5.5 |
| 2020-05-14 | CVE-2020-5408 | Use of Insufficiently Random Values vulnerability in multiple products Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. | 6.5 |
| 2020-04-30 | CVE-2020-11652 | Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 6.5 |
| 2020-04-15 | CVE-2020-3954 | Open Redirect vulnerability in VMWare Vrealize LOG Insight Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 6.1 |
| 2020-04-15 | CVE-2020-3953 | Improper Input Validation vulnerability in VMWare Vrealize LOG Insight Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 4.8 |
| 2020-04-10 | CVE-2020-5406 | Insufficiently Protected Credentials vulnerability in VMWare Tanzu Application Service for VMS VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. | 6.5 |
| 2020-03-05 | CVE-2020-5405 | Path Traversal vulnerability in VMWare Spring Cloud Config Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |
| 2020-01-17 | CVE-2020-3940 | Improper Certificate Validation vulnerability in VMWare products VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | 5.9 |
| 2019-11-22 | CVE-2019-11291 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. | 4.8 |