CVE-2020-3995

In VMware ESXi 6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x before 15.1.0, Fusion 11.x before 11.1.0, the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigg...

CVE-2020-3961

VMware Horizon Client for Windows prior to 5.4.3 contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user...

CVE-2020-3951

VMware Workstation 15.x before 15.5.2 and Horizon Client for Windows 5.x and prior before 5.4.0 contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue ...

CVE-2020-3948

Linux Guest VMs running on VMware Workstation 15.x before 15.5.2 and Fusion 11.x before 11.5.2 contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled...

CVE-2020-3957

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior and VMware Horizon Client for Mac 5.x and prior contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use TOCTOU issue in the service opener. Successful exploitation of this issue may allow...

CVE-2020-3958

VMware ESXi 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, VMware Workstation 15.x before 15.5.2 and VMware Fusion 11.x before 11.5.2 contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with...

CVE-2020-4006

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability...

CVE-2020-3940

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability...

CVE-2020-8581

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled...

CVE-2020-8575

Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service DoS...

CVE-2020-3991

VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...

CVE-2020-3993

VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...

CVE-2020-4005

VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...

CVE-2020-3965

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may b...

CVE-2020-3952

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctly implement access controls...

CVE-2020-3947

VMware Workstation 15.x before 15.5.2 and Fusion 11.x before 11.5.2 contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service...

CVE-2020-3976

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3...

CVE-2020-3990

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from...

CVE-2020-3997

VMware Horizon Server 7.x prior to 7.10.3 or 7.13.0 contains a Cross Site Scripting XSS vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed...

CVE-2020-3994

VMware vCenter Server 6.7 before 6.7u3, 6.6 before 6.5u3k contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repositor...