VMware

All CVEs

967 total · sorted by risk
  • CVE-2023-20879 · May 12, 2023
    risk 0.00 · cvss · epss 0.00

    VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

  • CVE-2023-20878 · May 12, 2023
    risk 0.00 · cvss · epss 0.01

    VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

  • CVE-2023-20872 · Apr 25, 2023
    risk 0.00 · cvss · epss 0.01

    VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

  • CVE-2023-20871 · Apr 25, 2023
    risk 0.00 · cvss · epss 0.00

    VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

  • CVE-2023-20869 · Apr 25, 2023
    risk 0.00 · cvss · epss 0.02

    VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  • CVE-2023-20870 · Apr 25, 2023
    risk 0.00 · cvss · epss 0.00

    VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  • CVE-2023-20865 · Apr 20, 2023
    risk 0.00 · cvss · epss 0.02

    VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

  • CVE-2023-20862 · Apr 19, 2023
    risk 0.00 · cvss · epss 0.01

    In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty…

  • CVE-2022-28320 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2022-28303 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2022-28308 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2022-28307 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2022-28309 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2023-20857 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a user's rooted device, may be able to bypass the VMware Workspace ONE Content passcode.

  • CVE-2023-20855 · Feb 21, 2023
    risk 0.00 · cvss · epss 0.01

    VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information…

  • CVE-2023-20858 · Feb 21, 2023
    risk 0.00 · cvss · epss 0.17

    VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access…

  • CVE-2023-20854 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.00

    VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

  • CVE-2023-20856 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

  • CVE-2021-3439 · Jan 30, 2023
    risk 0.00 · cvss · epss 0.00

    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

  • CVE-2022-31710 · Jan 25, 2023
    risk 0.00 · cvss · epss 0.01

    vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

  • CVE-2022-35646 · Dec 22, 2022
    risk 0.00 · cvss · epss 0.00

    IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.  

  • CVE-2022-31707 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

  • CVE-2022-31708 · Dec 16, 2022
    risk 0.00 · cvss · epss 0.01

    vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

  • CVE-2022-31705 · Dec 14, 2022
    risk 0.00 · cvss · epss 0.02

    VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running…

  • CVE-2022-31701 · Dec 14, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

  • CVE-2022-31703 · Dec 14, 2022
    risk 0.00 · cvss · epss 0.02

    The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

  • CVE-2022-31702 · Dec 14, 2022
    risk 0.00 · cvss · epss 0.02

    vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

  • CVE-2022-31700 · Dec 14, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

  • CVE-2022-31696 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

  • CVE-2022-31699 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

  • CVE-2022-31697 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.00

    The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext…

  • CVE-2022-31698 · Dec 13, 2022
    risk 0.00 · cvss · epss 0.48

    The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

  • CVE-2009-1143 · Nov 23, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

  • CVE-2009-1142 · Nov 23, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

  • CVE-2022-38650 · Nov 12, 2022
    risk 0.00 · cvss · epss 0.01

    A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the…

  • CVE-2022-38651 · Nov 12, 2022
    risk 0.00 · cvss · epss 0.01

    A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no…

  • CVE-2022-38652 · Nov 12, 2022
    risk 0.00 · cvss · epss 0.01

    A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of…

  • CVE-2022-31688 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.

  • CVE-2022-31685 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

  • CVE-2022-31686 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

  • CVE-2022-31687 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

  • CVE-2022-31689 · Nov 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

  • CVE-2022-31690 · Oct 31, 2022
    risk 0.00 · cvss · epss 0.01

    Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the…

  • CVE-2022-31682 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

  • CVE-2022-31681 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

  • CVE-2022-31680 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.33

    The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

  • CVE-2022-31676 · Aug 23, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

  • CVE-2022-22983 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected…

  • CVE-2022-31673 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

  • CVE-2022-31674 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
