Vulnerabilities > VMware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |
2020-01-17 | CVE-2020-3940 | Improper Certificate Validation vulnerability in VMware products. VMware Workspace ONE SDK and dependent mobile application updates address a sensitive information disclosure vulnerability. | 5.9 |
2019-11-22 | CVE-2019-11291 | Cross-site Scripting vulnerability in multiple products. Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. | 4.8 |
2019-10-29 | CVE-2019-5533 | Incorrect Authorization vulnerability in VMware SD-WAN by VeloCloud. In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. | 4.3 |
2019-10-28 | CVE-2019-5538 | Improper Certificate Validation vulnerability in VMware vCenter Server 6.5/6.7. Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. | 5.9 |
2019-10-28 | CVE-2019-5537 | Improper Certificate Validation vulnerability in VMware vCenter Server 6.5/6.7. Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. | 5.9 |
2019-10-28 | CVE-2019-5536 | Unspecified vulnerability in VMware ESXi, Fusion and Workstation. VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. | 6.5 |
2019-10-10 | CVE-2019-5535 | Unspecified vulnerability in VMware Fusion and Workstation. VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. | 4.7 |
2019-09-18 | CVE-2019-5531 | Insufficient Session Expiration vulnerability in VMware ESXi, vCenter Server and vSphere ESXi. VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. | 5.4 |
2019-07-11 | CVE-2019-5528 | Unspecified vulnerability in VMware ESXi 6.5/6.7. VMware ESXi 6.5 suffers from a partial denial-of-service vulnerability in the hostd process. | 5.3 |