Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Total 896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2024-02-28 N/A 9.1 CRITICAL
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-31008 1 Vmware 1 Rabbitmq 2024-02-28 N/A 7.5 HIGH
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVE-2022-31685 1 Vmware 1 Workspace One Assist 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31662 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.5 HIGH
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
CVE-2022-31659 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.2 HIGH
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31664 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31661 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31690 2 Netapp, Vmware 2 Active Iq Unified Manager, Spring Security 2024-02-28 N/A 8.1 HIGH
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
CVE-2022-31676 6 Debian, Fedoraproject, Linux and 3 more 6 Debian Linux, Fedora, Linux Kernel and 3 more 2024-02-28 N/A 7.8 HIGH
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVE-2022-31665 3 Linux, Microsoft, Vmware 5 Linux Kernel, Windows, Identity Manager and 2 more 2024-02-28 N/A 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31674 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 4.3 MEDIUM
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
CVE-2022-23825 4 Amd, Debian, Fedoraproject and 1 more 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more 2024-02-28 2.1 LOW 6.5 MEDIUM
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-31673 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 8.8 HIGH
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVE-2022-31681 1 Vmware 2 Cloud Foundation, Esxi 2024-02-28 N/A 6.5 MEDIUM
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
CVE-2022-31691 1 Vmware 5 Bosh Editor, Cloudfoundry Manifest Yml Support, Concourse Ci Pipeline Editor and 2 more 2024-02-28 N/A 9.8 CRITICAL
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
CVE-2022-29901 5 Debian, Fedoraproject, Intel and 2 more 254 Debian Linux, Fedora, Core I3-6100 and 251 more 2024-02-28 1.9 LOW 6.5 MEDIUM
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-22983 1 Vmware 1 Workstation 2024-02-28 N/A 5.9 MEDIUM
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
CVE-2022-31675 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 7.5 HIGH
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVE-2022-31686 1 Vmware 1 Workspace One Assist 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31680 1 Vmware 1 Vcenter Server 2024-02-28 N/A 9.1 CRITICAL
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.