Filtered by vendor Vmware
Subscribe
Total
927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34682 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.
|
|||||
| CVE-2022-34679 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.
|
|||||
| CVE-2022-34677 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
|
|||||
| CVE-2022-34676 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-11-21 | N/A | 7.1 HIGH |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.
|
|||||
| CVE-2022-34674 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
|
|||||
| CVE-2022-34670 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
|
|||||
| CVE-2022-31705 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
|
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
|
|||||
| CVE-2022-31682 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | N/A | 4.9 MEDIUM |
|
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
|
|||||
| CVE-2022-31681 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | N/A | 6.5 MEDIUM |
|
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
|
|||||
| CVE-2022-31680 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A | 9.1 CRITICAL |
|
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
|
|||||
| CVE-2022-31677 | 1 Vmware | 1 Pinniped | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
|
|||||
| CVE-2022-31676 | 6 Debian, Fedoraproject, Linux and 3 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
|
|||||
| CVE-2022-31675 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | N/A | 7.5 HIGH |
|
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
|
|||||
| CVE-2022-31673 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | N/A | 8.8 HIGH |
|
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
|
|||||
| CVE-2022-31665 | 3 Linux, Microsoft, Vmware | 5 Linux Kernel, Windows, Identity Manager and 2 more | 2024-11-21 | N/A | 7.2 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
|
|||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
|
|||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
|
|||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-31659 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.2 HIGH |
|
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
|
|||||
| CVE-2022-31658 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.2 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
|
|||||
| CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
|
|||||
| CVE-2022-31656 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
|||||
| CVE-2022-31655 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
|
|||||
| CVE-2022-31654 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
|
|||||
| CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
|
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
|
|||||
| CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
|
|||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
|
|||||
| CVE-2022-22983 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A | 5.9 MEDIUM |
|
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
|
|||||
| CVE-2022-22982 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | N/A | 7.5 HIGH |
|
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
|
|||||
| CVE-2022-22980 | 1 Vmware | 1 Spring Data Mongodb | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
|
|||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
|
|||||
| CVE-2022-22978 | 3 Netapp, Oracle, Vmware | 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
|
|||||
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
|
|||||
| CVE-2022-22976 | 3 Netapp, Oracle, Vmware | 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
|
|||||
| CVE-2022-22975 | 1 Vmware | 1 Pinniped | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
|
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
|
|||||
| CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
|||||
| CVE-2022-22971 | 3 Netapp, Oracle, Vmware | 4 Cloud Secure Agent, Oncommand Insight, Financial Services Crime And Compliance Management Studio and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
|
|||||