Filtered by vendor Vmware
Subscribe
Total
909 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | |||||
| CVE-2023-20883 | 1 Vmware | 1 Spring Boot | 2025-01-16 | N/A | 7.5 HIGH |
| In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | |||||
| CVE-2023-20868 | 1 Vmware | 1 Nsx-t Data Center | 2025-01-16 | N/A | 6.1 MEDIUM |
| NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2025-01-14 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2025-01-10 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||||
| CVE-2022-31693 | 2 Microsoft, Vmware | 2 Windows, Tools | 2025-01-07 | N/A | 5.5 MEDIUM |
| VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | |||||
| CVE-2023-20889 | 1 Vmware | 1 Vrealize Network Insight | 2025-01-07 | N/A | 7.5 HIGH |
| Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | |||||
| CVE-2023-20888 | 1 Vmware | 1 Vrealize Network Insight | 2025-01-07 | N/A | 8.8 HIGH |
| Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | |||||
| CVE-2023-34048 | 1 Vmware | 1 Vcenter Server | 2024-12-20 | N/A | 9.8 CRITICAL |
| vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | |||||
| CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-12-20 | N/A | 6.8 MEDIUM |
| VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | |||||
| CVE-2024-38820 | 1 Vmware | 1 Spring Framework | 2024-11-29 | N/A | 3.1 LOW |
| The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | |||||
| CVE-2023-34042 | 1 Vmware | 1 Spring Security | 2024-11-29 | N/A | 4.1 MEDIUM |
| The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | |||||
| CVE-2024-38812 | 1 Vmware | 1 Vcenter Server | 2024-11-22 | N/A | 9.8 CRITICAL |
| The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | |||||
| CVE-2024-38813 | 1 Vmware | 1 Vcenter Server | 2024-11-22 | N/A | 7.5 HIGH |
| The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | |||||
| CVE-2024-37084 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | |||||
| CVE-2024-22256 | 1 Vmware | 1 Cloud Director | 2024-11-21 | N/A | 4.3 MEDIUM |
| VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. | |||||
| CVE-2024-22241 | 1 Vmware | 1 Aria Operations For Networks | 2024-11-21 | N/A | 4.3 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | |||||
| CVE-2024-22238 | 1 Vmware | 1 Aria Operations For Networks | 2024-11-21 | N/A | 6.4 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | |||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2024-11-21 | N/A | 3.3 LOW |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | |||||
| CVE-2024-0093 | 5 Canonical, Citrix, Nvidia and 2 more | 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | |||||