VMware

All CVEs

967 total · sorted by risk
  • CVE-2022-31675 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

  • CVE-2022-31672 · Aug 9, 2022
    risk 0.00 · cvss · epss 0.01

    VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.

  • CVE-2022-31657 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

  • CVE-2022-31658 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.02

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31661 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-31659 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.02

    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31663 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's…

  • CVE-2022-31664 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-31665 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.02

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31662 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.

  • CVE-2022-30276 · Jul 26, 2022
    risk 0.00 · cvss · epss 0.01

    The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links)…

  • CVE-2022-35906 · Jul 15, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exploitation of these…

  • CVE-2022-35904 · Jul 15, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these…

  • CVE-2022-35901 · Jul 15, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data can force an out-of-bounds read. Exploitation of these…

  • CVE-2022-22982 · Jul 13, 2022
    risk 0.00 · cvss · epss 0.01

    The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

  • CVE-2022-31655 · Jul 12, 2022
    risk 0.00 · cvss · epss 0.00

    VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

  • CVE-2022-31654 · Jul 12, 2022
    risk 0.00 · cvss · epss 0.00

    VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations.

  • CVE-2022-22953 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.

  • CVE-2022-22973 · May 20, 2022
    risk 0.00 · cvss · epss 0.02

    VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-22976 · May 19, 2022
    risk 0.00 · cvss · epss 0.02

    Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer…

  • CVE-2022-22975 · May 11, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters,…

  • CVE-2022-22958 · Apr 13, 2022
    risk 0.00 · cvss · epss 0.03

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which…

  • CVE-2022-22961 · Apr 13, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can…

  • CVE-2022-22959 · Apr 13, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

  • CVE-2022-22964 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.

  • CVE-2022-22962 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.

  • CVE-2021-22055 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.01

    The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

  • CVE-2022-22952 · Mar 23, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to…

  • CVE-2022-22951 · Mar 23, 2022
    risk 0.00 · cvss · epss 0.22

    VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control…

  • CVE-2022-22943 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in…

  • CVE-2022-22944 · Mar 2, 2022
    risk 0.00 · cvss · epss 0.00

    VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's…

  • CVE-2021-46656 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46655 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46654 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46653 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46642 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46640 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46632 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46629 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46628 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46626 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46624 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46623 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2021-46571 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2021-46570 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2022-22945 · Feb 16, 2022
    risk 0.00 · cvss · epss 0.00

    VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

  • CVE-2021-22050 · Feb 16, 2022
    risk 0.00 · cvss · epss 0.02

    ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

  • CVE-2021-22043 · Feb 16, 2022
    risk 0.00 · cvss · epss 0.01

    VMware ESXi contains a TOCTOU (time-of-check to time-of-use) vulnerability in the way temporary files are handled. A malicious actor with access to settingsd may exploit this issue to escalate their privileges by writing arbitrary files.

  • CVE-2021-22041 · Feb 16, 2022
    risk 0.00 · cvss · epss 0.01

    VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

  • CVE-2021-22042 · Feb 16, 2022
    risk 0.00 · cvss · epss 0.00

    VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high-privileged user.
