Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2023-01-14 CVE-2023-22602 Interpretation Conflict vulnerability in multiple products
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache vmware CWE-436
7.5
2022-12-16 CVE-2022-31707 Unspecified vulnerability in VMWare Vrealize Operations 8.10.0
vRealize Operations (vROps) contains a privilege escalation vulnerability.
network
low complexity
vmware
7.2
2022-12-16 CVE-2022-31708 Exposure of Resource to Wrong Sphere vulnerability in VMWare Vrealize Operations 8.10.0
vRealize Operations (vROps) contains a broken access control vulnerability.
network
low complexity
vmware CWE-668
4.9
2022-12-14 CVE-2022-31700 Unspecified vulnerability in VMWare Access, Cloud Foundation and Identity Manager
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.
network
low complexity
vmware
7.2
2022-12-14 CVE-2022-31701 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability.
network
low complexity
vmware CWE-287
5.3
2022-12-14 CVE-2022-31702 Command Injection vulnerability in VMWare Vrealize Network Insight
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API.
network
low complexity
vmware CWE-77
critical
9.8
2022-12-14 CVE-2022-31703 Path Traversal vulnerability in VMWare Vrealize Network Insight
The vRealize Log Insight contains a Directory Traversal Vulnerability.
network
low complexity
vmware CWE-22
7.5
2022-12-14 CVE-2022-31705 Out-of-bounds Write vulnerability in VMWare Esxi 7.0/8.0
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).
local
low complexity
vmware CWE-787
8.2
2022-12-13 CVE-2022-31696 Unspecified vulnerability in VMWare Esxi 6.5/6.7
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket.
local
low complexity
vmware
8.8
2022-12-13 CVE-2022-31697 Cleartext Storage of Sensitive Information vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext.
local
low complexity
vmware CWE-312
5.5