Filtered by vendor Vmware
Subscribe
Total
875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22983 | 1 Vmware | 1 Workstation | 2022-08-15 | N/A | 5.9 MEDIUM |
| VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation. | |||||
| CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 4.3 MEDIUM |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | |||||
| CVE-2022-31665 | 3 Linux, Microsoft, Vmware | 5 Linux Kernel, Windows, Identity Manager and 2 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | |||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.5 HIGH |
| VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | |||||
| CVE-2022-31659 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-31658 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-22962 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | |||||
| CVE-2022-22964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | |||||
| CVE-2020-5397 | 2 Oracle, Vmware | 27 Application Testing Suite, Communications Brm - Elastic Charging Engine, Communications Diameter Signaling Router and 24 more | 2022-07-25 | 2.6 LOW | 5.3 MEDIUM |
| Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. | |||||
| CVE-2022-22982 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-20 | N/A | 7.5 HIGH |
| The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | |||||
| CVE-2014-4258 | 6 Debian, Mariadb, Opensuse Project and 3 more | 12 Debian Linux, Mariadb, Suse Linux Enterprise Desktop and 9 more | 2022-07-18 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. | |||||
| CVE-2011-2894 | 1 Vmware | 2 Spring Framework, Spring Security | 2022-07-17 | 6.8 MEDIUM | N/A |
| Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class. | |||||
| CVE-2022-31654 | 1 Vmware | 1 Vrealize Log Insight | 2022-07-16 | 3.5 LOW | 5.4 MEDIUM |
| VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | |||||
| CVE-2022-31655 | 1 Vmware | 1 Vrealize Log Insight | 2022-07-16 | 3.5 LOW | 5.4 MEDIUM |
| VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. | |||||
| CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | |||||
| CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-21991 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). | |||||
| CVE-2021-1066 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-3952 | 1 Vmware | 1 Vcenter Server | 2022-07-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | |||||