ReportizFlow
Filtered by vendor Vmware
Subscriptions
Total
956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31700 | 2 Microsoft, Vmware | 4 Windows, Access, Cloud Foundation and 1 more | 2025-04-22 | 7.2 High |
| VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | ||||
| CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-04-22 | 3.3 Low |
| VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | ||||
| CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-22 | 5.5 Medium |
| The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
| CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-04-22 | 8.8 High |
| VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | ||||
| CVE-2017-4897 | 1 Vmware | 1 Horizon Daas | 2025-04-20 | N/A |
| VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | ||||
| CVE-2017-4899 | 1 Vmware | 2 Workstation Player, Workstation Pro | 2025-04-20 | N/A |
| VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. | ||||
| CVE-2017-4895 | 1 Vmware | 2 Airwatch Agent, Airwatch Inbox | 2025-04-20 | N/A |
| Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. | ||||
| CVE-2017-8040 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 6.5 Medium |
| In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. | ||||
| CVE-2017-4918 | 1 Vmware | 1 Horizon View | 2025-04-20 | N/A |
| VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | ||||
| CVE-2017-8041 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 6.1 Medium |
| In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | ||||
| CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2025-04-20 | 9.8 Critical |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2014-3527 | 1 Vmware | 1 Spring Security | 2025-04-20 | N/A |
| When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users. | ||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2025-04-20 | N/A |
| VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | ||||
| CVE-2017-4917 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-20 | N/A |
| VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | ||||
| CVE-2017-4904 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2025-04-20 | 8.8 High |
| The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. | ||||
| CVE-2017-8044 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2025-04-20 | 6.1 Medium |
| In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | ||||
| CVE-2017-4921 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation. | ||||
| CVE-2017-4942 | 1 Vmware | 1 Airwatch Console | 2025-04-20 | 4.9 Medium |
| VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. | ||||
| CVE-2014-0225 | 3 Pivotal Software, Redhat, Vmware | 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more | 2025-04-20 | N/A |
| When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | ||||
| CVE-2017-4927 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | ||||