CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3991
https://notcve.org/view.php?id=CVE-2020-3991
16 Oct 2020 — VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. VMware Horizon Client para Windows (versiones 5.x anteriores a 5.5.0) contiene una vuln... • https://www.vmware.com/security/advisories/VMSA-2020-0022.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3977
https://notcve.org/view.php?id=CVE-2020-3977
22 Sep 2020 — VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware Horizon DaaS (versiones 7.x y versiones 8.x anteriores a 8.0.1 Update 1), contiene una vulnerabilidad de autenticación rota debido a un ... • https://www.vmware.com/security/advisories/VMSA-2020-0021.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3986 – VMware Workstation ThinPrint EMF Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3986
15 Sep 2020 — VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versión 15.x) y Horizon Client para Windows (versión 5.x anteri... • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3987 – VMware Workstation ThinPrint EMR_STRETCHDIBITS Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3987
15 Sep 2020 — VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versión 15.x) y Horizon Client para Windows (vers... • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3988 – VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3988
15 Sep 2020 — VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versión 15.x) y Horizon Client para Windows (versión 5.x a... • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3989 – VMware Workstation ThinPrint name Table Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3989
15 Sep 2020 — VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on ... • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3990 – VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3990
15 Sep 2020 — VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Wo... • https://www.vmware.com/security/advisories/VMSA-2020-0020.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3974
https://notcve.org/view.php?id=CVE-2020-3974
10 Jul 2020 — VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), V... • https://www.vmware.com/security/advisories/VMSA-2020-0017.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3961
https://notcve.org/view.php?id=CVE-2020-3961
15 Jun 2020 — VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. VMware Horizon Client para Windows (versiones anteriores a 5.4.3) presenta una vulnerabilidad de escalada de privilegios debido a una configuración de permisos de carpeta y la carga no segura de bibliotecas. Un usuario local en el s... • https://www.vmware.com/security/advisories/VMSA-2020-0013.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3957
https://notcve.org/view.php?id=CVE-2020-3957
29 May 2020 — VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), VMware Remote... • https://www.vmware.com/security/advisories/VMSA-2020-0011.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •