CVE-2020-3966

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain a heap-overflow due to a race condition issue in the USB 2.0 controller EHCI. A malicious actor with local...

CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

CVE-2020-3967

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain a heap-overflow vulnerability in the USB 2.0 controller EHCI. A malicious actor with local access to a virtual...

CVE-2020-3953

Cross Site Scripting XSS vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

CVE-2020-3960

VMware ESXi 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a...

CVE-2020-3962

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine wi...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11...

CVE-2020-3975

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting XSS vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim'...

CVE-2020-3982

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

CVE-2020-3989

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial...

CVE-2013-3520

VMware vCenter Chargeback Manager aka CBM before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2013-5556

The license-installation module on the Cisco Nexus 1000V switch 4.21SV15.2b and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.21SM15.1 for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.21VSG11 for Nexus 1000V switches allows local users to gain privileges and execute arbitrary...

CVE-2013-1212

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module VSM to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837...

CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management...

CVE-2019-5532

VMware vCenter Server 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter...

CVE-2019-5534

VMware vCenter Server 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to...

CVE-2019-5543

For VMware Horizon Client for Windows 5.x and prior before 5.3.0, VMware Remote Console for Windows 10.x before 11.0.0, VMware Workstation for Windows 15.x before 15.5.2 the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local...

CVE-2019-5521

VMware ESXi 6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001, Workstation 15.x before 15.0.3 and 14.x before 14.1.6 and Fusion 11.x before 11.0.3 and 10.x before 10.1.6 contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this...