Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-25 | CVE-2024-37084 | Unspecified vulnerability in VMWare Spring Cloud Data Flow 2.11.0/2.11.1/2.11.2 In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | 8.8 |
2024-07-11 | CVE-2024-22280 | SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | 8.1 |
2024-07-04 | CVE-2024-22277 | Cross-site Scripting vulnerability in VMWare Cloud Director VMware Cloud Director Availability contains an HTML injection vulnerability. | 5.4 |
2024-06-25 | CVE-2024-37085 | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | 7.2 |
2024-06-18 | CVE-2024-37079 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
2024-06-18 | CVE-2024-37080 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
2024-03-07 | CVE-2024-22256 | Unspecified vulnerability in VMWare Cloud Director 10.5 VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. | 4.3 |
2024-02-06 | CVE-2024-22237 | Improper Privilege Management vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | 7.8 |
2024-02-06 | CVE-2024-22238 | Cross-site Scripting vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 4.8 |
2024-02-06 | CVE-2024-22239 | Improper Privilege Management vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | 7.8 |