Filtered by vendor Vmware
Subscriptions
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31689 | 1 Vmware | 1 Workspace One Assist | 2024-08-03 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. | ||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-08-03 | 7.5 High |
| VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | ||||
| CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-08-03 | 9.8 Critical |
| VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | ||||
| CVE-2022-31008 | 1 Vmware | 1 Rabbitmq | 2024-08-03 | 5.5 Medium |
| RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins. | ||||
| CVE-2022-29901 | 6 Debian, Fedoraproject, Intel and 3 more | 258 Debian Linux, Fedora, Core I3-6100 and 255 more | 2024-08-03 | 5.6 Medium |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||||
| CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2024-08-03 | 7.8 High |
| spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer | ||||
| CVE-2022-22983 | 1 Vmware | 1 Workstation | 2024-08-03 | 5.9 Medium |
| VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation. | ||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2024-08-03 | 7.5 High |
| In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | ||||
| CVE-2022-22956 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-08-03 | 9.8 Critical |
| VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | ||||
| CVE-2022-22968 | 4 Netapp, Oracle, Redhat and 1 more | 9 Active Iq Unified Manager, Cloud Secure Agent, Metrocluster Tiebreaker and 6 more | 2024-08-03 | 5.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | ||||
| CVE-2022-22963 | 3 Oracle, Redhat, Vmware | 29 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 26 more | 2024-08-03 | 9.8 Critical |
| In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | ||||
| CVE-2022-22953 | 1 Vmware | 1 Vmware Hcx | 2024-08-03 | 6.5 Medium |
| VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. | ||||
| CVE-2022-22965 | 6 Cisco, Oracle, Redhat and 3 more | 44 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 41 more | 2024-08-03 | 9.8 Critical |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | ||||
| CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-08-03 | 9.8 Critical |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | ||||
| CVE-2022-22951 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-08-03 | 9.1 Critical |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | ||||
| CVE-2022-22942 | 2 Redhat, Vmware | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2024-08-03 | 7.8 High |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | ||||
| CVE-2022-22975 | 1 Vmware | 1 Pinniped | 2024-08-03 | 6.6 Medium |
| An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership. | ||||
| CVE-2022-22966 | 1 Vmware | 1 Vcloud Director | 2024-08-03 | 7.2 High |
| An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. | ||||
| CVE-2022-22980 | 1 Vmware | 1 Spring Data Mongodb | 2024-08-03 | 9.8 Critical |
| A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | ||||
| CVE-2022-22959 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-08-03 | 4.3 Medium |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. | ||||