Filtered by vendor Vmware
Subscribe
Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20867 | 1 Vmware | 1 Tools | 2023-08-17 | N/A | 3.9 LOW |
| A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | |||||
| CVE-2020-4008 | 2 Apple, Vmware | 2 Macos, Carbon Black Cloud | 2022-06-13 | 3.3 LOW | 3.6 LOW |
| The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. | |||||
| CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2021-10-19 | 4.0 MEDIUM | 2.7 LOW |
| Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2020-3972 | 2 Apple, Vmware | 2 Macos, Tools | 2021-09-08 | 2.1 LOW | 3.3 LOW |
| VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | |||||
| CVE-2020-3959 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | |||||
| CVE-2020-3989 | 1 Vmware | 3 Horizon Client, Workstation Player, Workstation Pro | 2020-09-28 | 2.1 LOW | 3.3 LOW |
| VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | |||||
| CVE-2020-3970 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 1.9 LOW | 3.8 LOW |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition. | |||||
| CVE-2020-3951 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2020-03-24 | 2.1 LOW | 3.8 LOW |
| VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed. | |||||
| CVE-2017-4896 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2019-10-03 | 2.1 LOW | 3.8 LOW |
| Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. | |||||