Filtered by vendor Vmware
Subscribe
Total
879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31711 | 1 Vmware | 1 Vrealize Log Insight | 2023-09-11 | N/A | 5.3 MEDIUM |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. | |||||
| CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2023-09-11 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2023-09-11 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | |||||
| CVE-2023-20890 | 1 Vmware | 1 Aria Operations For Networks | 2023-08-31 | N/A | 7.2 HIGH |
| Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | |||||
| CVE-2023-20873 | 1 Vmware | 1 Spring Boot | 2023-08-28 | N/A | 9.8 CRITICAL |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | |||||
| CVE-2022-31693 | 2 Microsoft, Vmware | 2 Windows, Tools | 2023-08-24 | N/A | 5.5 MEDIUM |
| VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | |||||
| CVE-2023-20862 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Security | 2023-08-23 | N/A | 6.3 MEDIUM |
| In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. | |||||
| CVE-2023-34034 | 1 Vmware | 1 Spring Security | 2023-08-14 | N/A | 9.8 CRITICAL |
| Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | |||||
| CVE-2023-34038 | 1 Vmware | 1 Horizon Client | 2023-08-09 | N/A | 5.3 MEDIUM |
| VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | |||||
| CVE-2023-34037 | 1 Vmware | 1 Horizon Client | 2023-08-09 | N/A | 5.3 MEDIUM |
| VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. | |||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31672 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 7.2 HIGH |
| VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | |||||
| CVE-2022-22955 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | |||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-22953 | 1 Vmware | 1 Vmware Hcx | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. | |||||
| CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2023-08-08 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2023-08-08 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-22961 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. | |||||
| CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | |||||