CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3945
https://notcve.org/view.php?id=CVE-2020-3945
19 Feb 2020 — vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2020-3940
https://notcve.org/view.php?id=CVE-2020-3940
17 Jan 2020 — VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. VMware Workspace ONE SDK y las actualizaciones de aplicaciones móviles dependientes abordan la vulnerabilidad de divulgación de información confidencial. • https://www.vmware.com/security/advisories/VMSA-2020-0001.html • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5540
https://notcve.org/view.php?id=CVE-2019-5540
20 Nov 2019 — VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. ... VMware Workstation (versiones 15.x anteriores a 15.5.1) y Fusion (versiones 11.x anteriores a 11.5.1), contienen una vulnerabilidad de divulgación de información en vmnetdhcp. • https://www.vmware.com/security/advisories/VMSA-2019-0021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2019-5538
https://notcve.org/view.php?id=CVE-2019-5538
28 Oct 2019 — Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. ... Una vulnerabilidad de divulgación de información confidencial resultando de la falta de comprobación del certificado durante las operaciones de Copia de Seguridad y Restauración Basadas ... • https://www.vmware.com/security/advisories/VMSA-2019-0018.html • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2019-5537
https://notcve.org/view.php?id=CVE-2019-5537
28 Oct 2019 — Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. ... Una vulnerabilidad de divulgación de información confidencial resultando de la falta de comprobación del certificado durante las operaciones de Copia de Seguridad y Restauraci... • https://www.vmware.com/security/advisories/VMSA-2019-0018.html • CWE-295: Improper Certificate Validation •
CVSS: 9.6EPSS: 0%CPEs: 120EXPL: 0CVE-2019-5521
https://notcve.org/view.php?id=CVE-2019-5521
20 Sep 2019 — VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. ... VMware ESXi (versión 6.7 anterior... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0757 • CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 0%CPEs: 68EXPL: 0CVE-2019-5531 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5531
18 Sep 2019 — VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. ... VMware vSphere ESXi (6.7 anterior a la versión ESXi670-201810101-SG, 6.5 anterior a la versión ESXi650-201811102-SG y 6.0 anterior a la veris... • http://www.vmware.com/security/advisories/VMSA-2019-0013.html • CWE-613: Insufficient Session Expiration •
CVSS: 7.7EPSS: 1%CPEs: 44EXPL: 0CVE-2019-5532 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5532
18 Sep 2019 — VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. ... VMware vCenter Server (versión 6.7.x anterior a 6.7 U3, versión 6.5 anterior a 6.5 U3 y versión 6.0 anterior a 6.0 U3j), contiene una vulnerabilidad de divulgación de información debido al registro de credenciales en texto plano para máquinas virtu... • http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.7EPSS: 0%CPEs: 44EXPL: 0CVE-2019-5534 – VMware Security Advisory 2019-0013
https://notcve.org/view.php?id=CVE-2019-5534
18 Sep 2019 — VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. ... VMware vCenter Server (versión 6.7.x anterior a 6.7 U3, versión 6.5 anterior a 6.5 U3 y versión 6.0 anterior a 6.0 U3j), contiene una vulnerabilidad de divulgación de información donde las máquinas virtuales impleme... • http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6179
https://notcve.org/view.php?id=CVE-2019-6179
03 Sep 2019 — An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Se informo de una vulnerabilidad de procesamiento de XEE (XML External Entity) en Lenovo XClarity Administrator (LXCA) en versiones anteriores a la 2.5.... • https://support.lenovo.com/solutions/LEN-27805 • CWE-611: Improper Restriction of XML External Entity Reference •