Filtered by vendor Vmware
Subscribe
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | N/A | 7.5 HIGH |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
CVE-2022-34674 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 6.1 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | |||||
CVE-2022-31700 | 2 Microsoft, Vmware | 4 Windows, Access, Cloud Foundation and 1 more | 2024-02-28 | N/A | 7.2 HIGH |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
CVE-2022-42258 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 7.3 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | |||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | N/A | 5.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
CVE-2023-22602 | 2 Apache, Vmware | 2 Shiro, Spring Boot | 2024-02-28 | N/A | 7.5 HIGH |
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` | |||||
CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-02-28 | N/A | 8.8 HIGH |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | |||||
CVE-2021-31693 | 1 Vmware | 1 Tools | 2024-02-28 | N/A | 6.5 MEDIUM |
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | |||||
CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2024-02-28 | N/A | 8.4 HIGH |
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | |||||
CVE-2009-1143 | 1 Vmware | 1 Open-vm-tools | 2024-02-28 | N/A | 7.0 HIGH |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | |||||
CVE-2022-36797 | 1 Vmware | 1 Ixgben | 2024-02-28 | N/A | 5.5 MEDIUM |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||||
CVE-2022-34680 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | |||||
CVE-2022-34676 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. | |||||
CVE-2022-34684 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.1 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. | |||||
CVE-2022-34679 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. | |||||
CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2024-02-28 | N/A | 6.8 MEDIUM |
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | |||||
CVE-2022-31710 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | N/A | 7.5 HIGH |
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. | |||||
CVE-2022-42256 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. | |||||
CVE-2022-36416 | 1 Vmware | 1 Ixgben | 2024-02-28 | N/A | 7.8 HIGH |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |