CVE-2021-21981

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...

CVE-2020-3987

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an out-of-bounds read vulnerability in Cortado ThinPrint component EMR STRETCHDIBITS parser. A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial...

CVE-2020-3970

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative loc...

CVE-2020-3974

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

CVE-2020-3992

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

CVE-2020-3981

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

CVE-2020-3968

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds write vulnerability in the USB 3.0 controller xHCI. A malicious actor with local administrati...

CVE-2020-3964

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may b...

CVE-2020-3971

VMware ESXi 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG, Workstation 15.x before 15.0.2, and Fusion 11.x before 11.0.2 contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3...

CVE-2020-3980

VMware Fusion 11.x contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed...

CVE-2020-3988

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an out-of-bounds read vulnerability in Cortado ThinPrint component JPEG2000 parser. A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service...

CVE-2020-4003

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to...

CVE-2020-3972

VMware Tools for macOS 11.x.x and prior before 11.1.1 contains a denial-of-service vulnerability in the Host-Guest File System HGFS implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service...

CVE-2020-3977

VMware Horizon DaaS 7.x and 8.x before 8.0.1 Update 1 contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit th...

CVE-2020-3999

VMware ESXi 7.0 prior to ESXi70U1c-17325551, VMware Workstation 16.x prior to 16.0 and 15.x prior to 15.5.7, VMware Fusion 12.x prior to 12.0 and 11.x prior to 11.5.7 and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious...

CVE-2020-3986

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an out-of-bounds read vulnerability in Cortado ThinPrint component EMF Parser. A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service...

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

CVE-2020-3959

VMware ESXi 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, VMware Workstation 15.x before 15.1.0 and VMware Fusion 11.x before 11.1.0 contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be ab...

CVE-2020-3998

VMware Horizon Client for Windows 5.x prior to 5.5.0 contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes...

CVE-2020-3963

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be abl...