Filtered by vendor Vmware
Subscribe
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31702 | 1 Vmware | 1 Vrealize Network Insight | 2024-02-28 | N/A | 9.8 CRITICAL |
| vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | |||||
| CVE-2022-34677 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. | |||||
| CVE-2022-31711 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | N/A | 5.3 MEDIUM |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. | |||||
| CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2022-42261 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | |||||
| CVE-2023-20858 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-02-28 | N/A | 7.2 HIGH |
| VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | |||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | |||||
| CVE-2022-42263 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | |||||
| CVE-2022-42260 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2022-31698 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | |||||
| CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-02-28 | N/A | 3.3 LOW |
| VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | |||||
| CVE-2009-1142 | 1 Vmware | 1 Open Vm Tools | 2024-02-28 | N/A | 6.7 MEDIUM |
| An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. | |||||
| CVE-2022-31707 | 1 Vmware | 1 Vrealize Operations | 2024-02-28 | N/A | 7.2 HIGH |
| vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
| CVE-2023-20855 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2024-02-28 | N/A | 8.8 HIGH |
| VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. | |||||
| CVE-2022-42255 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | |||||
| CVE-2022-34682 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-31705 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-28 | N/A | 8.2 HIGH |
| VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |||||
| CVE-2022-42257 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 7.3 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | |||||
| CVE-2022-42264 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. | |||||
| CVE-2022-34678 | 6 Citrix, Linux, Microsoft and 3 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service. | |||||