Filtered by vendor Vmware Subscriptions
Total 901 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-31654 1 Vmware 1 Vrealize Log Insight 2024-11-21 5.4 Medium
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVE-2022-31008 1 Vmware 1 Rabbitmq 2024-11-21 5.5 Medium
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVE-2022-29901 6 Debian, Fedoraproject, Intel and 3 more 258 Debian Linux, Fedora, Core I3-6100 and 255 more 2024-11-21 5.6 Medium
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-27772 1 Vmware 1 Spring Boot 2024-11-21 7.8 High
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
CVE-2022-23825 5 Amd, Debian, Fedoraproject and 2 more 253 A10-9600p, A10-9600p Firmware, A10-9630p and 250 more 2024-11-21 6.5 Medium
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-22983 1 Vmware 1 Workstation 2024-11-21 5.9 Medium
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
CVE-2022-22982 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 7.5 High
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVE-2022-22980 1 Vmware 1 Spring Data Mongodb 2024-11-21 9.8 Critical
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CVE-2022-22979 1 Vmware 1 Spring Cloud Function 2024-11-21 7.5 High
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
CVE-2022-22978 4 Netapp, Oracle, Redhat and 1 more 5 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Jboss Fuse and 2 more 2024-11-21 9.8 Critical
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVE-2022-22977 2 Microsoft, Vmware 2 Windows, Tools 2024-11-21 7.1 High
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-22976 4 Netapp, Oracle, Redhat and 1 more 5 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Jboss Fuse and 2 more 2024-11-21 5.3 Medium
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CVE-2022-22975 1 Vmware 1 Pinniped 2024-11-21 6.6 Medium
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
CVE-2022-22973 2 Linux, Vmware 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more 2024-11-21 7.8 High
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-22972 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 9.8 Critical
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-22971 4 Netapp, Oracle, Redhat and 1 more 6 Cloud Secure Agent, Oncommand Insight, Financial Services Crime And Compliance Management Studio and 3 more 2024-11-21 6.5 Medium
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CVE-2022-22970 4 Netapp, Oracle, Redhat and 1 more 8 Active Iq Unified Manager, Brocade San Navigator, Cloud Secure Agent and 5 more 2024-11-21 5.3 Medium
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CVE-2022-22968 4 Netapp, Oracle, Redhat and 1 more 9 Active Iq Unified Manager, Cloud Secure Agent, Metrocluster Tiebreaker and 6 more 2024-11-21 5.3 Medium
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CVE-2022-22966 1 Vmware 1 Vcloud Director 2024-11-21 7.2 High
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
CVE-2022-22965 6 Cisco, Oracle, Redhat and 3 more 45 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 42 more 2024-11-21 9.8 Critical
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.