Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2019-5541 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. | 6.5 |
| 2019-11-20 | CVE-2019-5540 | Memory Leak vulnerability in VMWare Fusion and Workstation VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. | 4.0 |
| 2019-10-29 | CVE-2019-5533 | Incorrect Authorization vulnerability in VMWare Sd-Wan BY Velocloud In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. | 4.0 |
| 2019-10-28 | CVE-2019-5538 | Improper Certificate Validation vulnerability in VMWare Vcenter Server 6.5/6.7 Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. | 4.3 |
| 2019-10-28 | CVE-2019-5537 | Improper Certificate Validation vulnerability in VMWare Vcenter Server 6.5/6.7 Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. | 4.3 |
| 2019-10-18 | CVE-2019-16919 | Incorrect Default Permissions vulnerability in multiple products Harbor API has a Broken Access Control vulnerability. | 5.0 |
| 2019-09-20 | CVE-2019-5521 | Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. | 5.5 |
| 2019-09-18 | CVE-2019-5531 | Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. | 5.8 |
| 2019-09-18 | CVE-2019-5534 | Insufficiently Protected Credentials vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. | 4.0 |
| 2019-09-18 | CVE-2019-5532 | Information Exposure Through Log Files vulnerability in VMWare Vcenter Server 6.0/6.5/6.7 VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. | 4.0 |