Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-37084 Unspecified vulnerability in VMWare Spring Cloud Data Flow 2.11.0/2.11.1/2.11.2
In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
network
low complexity
vmware
8.8
2024-07-11 CVE-2024-22280 SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
network
low complexity
vmware CWE-89
8.1
2024-07-04 CVE-2024-22277 Cross-site Scripting vulnerability in VMWare Cloud Director
VMware Cloud Director Availability contains an HTML injection vulnerability.
network
low complexity
vmware CWE-79
5.4
2024-06-25 CVE-2024-37085 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
network
low complexity
vmware CWE-287
7.2
2024-06-18 CVE-2024-37079 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.
network
low complexity
vmware CWE-787
critical
9.8
2024-06-18 CVE-2024-37080 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.
network
low complexity
vmware CWE-787
critical
9.8
2024-03-07 CVE-2024-22256 Unspecified vulnerability in VMWare Cloud Director 10.5
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
network
low complexity
vmware
4.3
2024-02-06 CVE-2024-22237 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
local
low complexity
vmware CWE-269
7.8
2024-02-06 CVE-2024-22238 Cross-site Scripting vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
network
low complexity
vmware CWE-79
4.8
2024-02-06 CVE-2024-22239 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
local
low complexity
vmware CWE-269
7.8