Filtered by vendor Vmware
Subscriptions
Total
918 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-31689 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. | ||||
CVE-2022-31688 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 6.1 Medium |
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | ||||
CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
CVE-2022-38651 | 1 Vmware | 1 Hyperic Server | 2025-05-01 | 9.8 Critical |
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2009-1143 | 1 Vmware | 1 Open-vm-tools | 2025-04-26 | 7 High |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | ||||
CVE-2009-1142 | 1 Vmware | 1 Open Vm Tools | 2025-04-26 | 6.7 Medium |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. | ||||
CVE-2022-31008 | 2 Broadcom, Vmware | 2 Rabbitmq Server, Rabbitmq | 2025-04-23 | 5.5 Medium |
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins. | ||||
CVE-2022-34679 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2025-04-23 | 5.5 Medium |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. | ||||
CVE-2022-42255 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2025-04-23 | 5.3 Medium |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | ||||
CVE-2022-42257 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2025-04-23 | 5.3 Medium |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | ||||
CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-22 | 7.5 High |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
CVE-2022-31702 | 1 Vmware | 1 Vrealize Network Insight | 2025-04-22 | 9.8 Critical |
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | ||||
CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2025-04-22 | 5.3 Medium |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | ||||
CVE-2022-31700 | 2 Microsoft, Vmware | 4 Windows, Access, Cloud Foundation and 1 more | 2025-04-22 | 7.2 High |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | ||||
CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-04-22 | 3.3 Low |
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | ||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-22 | 5.5 Medium |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-04-22 | 8.8 High |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | ||||
CVE-2022-31698 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-22 | 5.3 Medium |
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | ||||
CVE-2017-4896 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2025-04-20 | N/A |
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. | ||||
CVE-2017-4898 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | N/A |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. |