Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-23825 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
local
low complexity
debian fedoraproject amd vmware CWE-668
2.1
2022-07-12 CVE-2022-31654 Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
network
vmware CWE-79
3.5
2022-07-12 CVE-2022-31655 Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
network
vmware CWE-79
3.5
2022-07-12 CVE-2022-29901 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data.
1.9
2022-06-23 CVE-2022-22980 Expression Language Injection vulnerability in VMWare Spring Data Mongodb
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
network
vmware CWE-917
6.8
2022-06-21 CVE-2022-22979 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Cloud Function
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
network
low complexity
vmware CWE-770
5.0
2022-06-16 CVE-2022-22953 Information Exposure vulnerability in VMWare HCX 4.3.1/4.3.2
VMware HCX update addresses an information disclosure vulnerability.
network
low complexity
vmware CWE-200
4.0
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1
2022-06-15 CVE-2022-21125 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1