Filtered by vendor Vmware
Subscribe
Total
875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22240 | 1 Vmware | 1 Aria Operations For Networks | 2024-02-10 | N/A | 4.9 MEDIUM |
| Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | |||||
| CVE-2024-22241 | 1 Vmware | 1 Aria Operations For Networks | 2024-02-10 | N/A | 4.8 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | |||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2024-02-09 | N/A | 5.5 MEDIUM |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | |||||
| CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-02-04 | 1.9 LOW | 6.5 MEDIUM |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2024-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2024-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
| CVE-2023-34058 | 4 Debian, Fedoraproject, Microsoft and 1 more | 5 Debian Linux, Fedora, Windows and 2 more | 2024-02-01 | N/A | 7.5 HIGH |
| VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-01-25 | N/A | 8.3 HIGH |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2023-34048 | 1 Vmware | 1 Vcenter Server | 2024-01-23 | N/A | 9.8 CRITICAL |
| vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | |||||
| CVE-2010-0211 | 4 Apple, Openldap, Opensuse and 1 more | 5 Mac Os X, Mac Os X Server, Openldap and 2 more | 2024-01-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | |||||
| CVE-2023-20900 | 6 Debian, Fedoraproject, Linux and 3 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-01-12 | N/A | 7.5 HIGH |
| A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2009-0034 | 2 Gratisoft, Vmware | 2 Sudo, Esx | 2024-01-12 | 6.9 MEDIUM | 7.8 HIGH |
| parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | |||||
| CVE-2023-34039 | 1 Vmware | 1 Aria Operations For Networks | 2024-01-09 | N/A | 9.8 CRITICAL |
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | |||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2023-34055 | 1 Vmware | 1 Spring Boot | 2023-12-21 | N/A | 6.5 MEDIUM |
| In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath | |||||
| CVE-2023-34064 | 1 Vmware | 1 Workspace One Launcher | 2023-12-18 | N/A | 4.6 MEDIUM |
| Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. | |||||
| CVE-2022-22942 | 1 Vmware | 1 Photon Os | 2023-12-18 | N/A | 7.8 HIGH |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||||
| CVE-2023-34053 | 1 Vmware | 1 Spring Framework | 2023-12-14 | N/A | 7.5 HIGH |
| In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | |||||