Filtered by vendor Vmware
Subscribe
Search
Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20900 | 6 Debian, Fedoraproject, Linux and 3 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2024-01-12 | N/A | 7.5 HIGH |
| A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2009-0034 | 2 Gratisoft, Vmware | 2 Sudo, Esx | 2024-01-12 | 6.9 MEDIUM | 7.8 HIGH |
| parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | |||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2022-22942 | 1 Vmware | 1 Photon Os | 2023-12-18 | N/A | 7.8 HIGH |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||||
| CVE-2023-34053 | 1 Vmware | 1 Spring Framework | 2023-12-14 | N/A | 7.5 HIGH |
| In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | |||||
| CVE-2023-34059 | 2 Debian, Vmware | 2 Debian Linux, Open Vm Tools | 2023-11-27 | N/A | 7.0 HIGH |
| open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | |||||
| CVE-2023-34058 | 3 Debian, Microsoft, Vmware | 4 Debian Linux, Windows, Open Vm Tools and 1 more | 2023-11-17 | N/A | 7.5 HIGH |
| VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | |||||
| CVE-2023-34040 | 1 Vmware | 1 Spring | 2023-08-29 | N/A | 7.8 HIGH |
| In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. | |||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2023-08-08 | N/A | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31690 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Security | 2023-08-08 | N/A | 8.1 HIGH |
| Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. | |||||
| CVE-2022-22960 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-31675 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 7.5 HIGH |
| VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | |||||
| CVE-2022-31672 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 7.2 HIGH |
| VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | |||||
| CVE-2022-22958 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2023-08-08 | 6.5 MEDIUM | 7.2 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. | |||||
| CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2022-36416 | 1 Vmware | 1 Ixgben | 2023-08-08 | N/A | 7.8 HIGH |
| Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-1081 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7). | |||||
| CVE-2021-1058 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-1083 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||
| CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2023-08-08 | N/A | 8.8 HIGH |
| VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | |||||
| CVE-2021-1082 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7) | |||||
| CVE-2022-31673 | 1 Vmware | 1 Vrealize Operations | 2023-08-08 | N/A | 8.8 HIGH |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. | |||||
| CVE-2021-1062 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2023-08-08 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2022-22962 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | |||||
| CVE-2022-22964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | |||||
| CVE-2021-22119 | 2 Oracle, Vmware | 2 Communications Cloud Native Core Policy, Spring Security | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. | |||||
| CVE-2021-22048 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | |||||
| CVE-2021-22118 | 3 Netapp, Oracle, Vmware | 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more | 2022-07-25 | 4.6 MEDIUM | 7.8 HIGH |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | |||||
| CVE-2020-5398 | 3 Netapp, Oracle, Vmware | 33 Data Availability Services, Snapcenter, Application Testing Suite and 30 more | 2022-07-25 | 7.6 HIGH | 7.5 HIGH |
| In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | |||||
| CVE-2022-22982 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-20 | N/A | 7.5 HIGH |
| The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | |||||
| CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | |||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||
| CVE-2021-22012 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-21999 | 1 Vmware | 3 App Volumes, Remote Console, Tools | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. | |||||
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | |||||
| CVE-2021-21991 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). | |||||
| CVE-2021-22008 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | |||||
| CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | |||||
| CVE-2018-1272 | 2 Oracle, Vmware | 25 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 22 more | 2022-06-23 | 6.0 MEDIUM | 7.5 HIGH |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. | |||||
| CVE-2018-11040 | 3 Debian, Oracle, Vmware | 28 Debian Linux, Agile Product Lifecycle Management, Application Testing Suite and 25 more | 2022-06-23 | 4.3 MEDIUM | 7.5 HIGH |
| Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | |||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | |||||
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2022-06-09 | 3.6 LOW | 7.1 HIGH |
| VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. | |||||
| CVE-2021-22116 | 2 Debian, Vmware | 2 Debian Linux, Rabbitmq | 2022-06-04 | 4.3 MEDIUM | 7.5 HIGH |
| RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. | |||||
| CVE-2018-15801 | 1 Vmware | 1 Spring Framework | 2022-06-03 | 5.8 MEDIUM | 7.4 HIGH |
| Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. | |||||
| CVE-2019-5527 | 2 Apple, Vmware | 6 Mac Os X, Esxi, Fusion and 3 more | 2022-06-02 | 7.2 HIGH | 8.8 HIGH |
| ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | |||||
| CVE-2018-6974 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-06-02 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||