Vulnerabilities (CVE)

Filtered by vendor Vmware
Total 896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34670 6 Citrix, Debian, Linux and 3 more 13 Hypervisor, Debian Linux, Linux Kernel and 10 more 2024-02-28 N/A 7.8 HIGH
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors: casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 4.9 MEDIUM
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2023-20856 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 8.8 HIGH
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
CVE-2022-42259 6 Citrix, Debian, Linux and 3 more 13 Hypervisor, Debian Linux, Linux Kernel and 10 more 2024-02-28 N/A 5.5 MEDIUM
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.
CVE-2022-31689 1 Vmware 1 Workspace One Assist 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
CVE-2022-31656 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-31677 1 Vmware 1 Pinniped 2024-02-28 N/A 5.4 MEDIUM
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
CVE-2022-31688 1 Vmware 1 Workspace One Assist 2024-02-28 N/A 6.1 MEDIUM
VMware Workspace ONE Assist prior to 22.10 contains a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
CVE-2022-31679 1 Vmware 1 Spring Data Rest 2024-02-28 N/A 3.7 LOW
In applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.
CVE-2022-31672 1 Vmware 1 Vrealize Operations 2024-02-28 N/A 7.2 HIGH
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVE-2022-21793 2 Intel, Vmware 10 82599 10 Gigabit Ethernet Controller, Ethernet Controller X540, Ethernet Controller X550 and 7 more 2024-02-28 N/A 5.5 MEDIUM
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMware before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2022-31657 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2024-02-28 N/A 9.1 CRITICAL
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-31008 1 Vmware 1 Rabbitmq 2024-02-28 N/A 7.5 HIGH
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed; patched versions `3.10.2`, `3.9.18` and `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVE-2022-31685 1 Vmware 1 Workspace One Assist 2024-02-28 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31662 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.5 HIGH
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
CVE-2022-31659 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.2 HIGH
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVE-2022-31664 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31661 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Access Connector and 3 more 2024-02-28 N/A 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-31690 2 Netapp, Vmware 2 Active Iq Unified Manager, Spring Security 2024-02-28 N/A 8.1 HIGH
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.