Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-37080 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.
network
low complexity
vmware CWE-787
critical
 9.8
9.8
2024-03-07 CVE-2024-22256 Unspecified vulnerability in VMWare Cloud Director 10.4.0/10.5
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
network
low complexity
vmware
4.3
4.3
2024-03-05 CVE-2024-22252 Use After Free vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
local
low complexity
vmware CWE-416
6.7
6.7
2024-02-21 CVE-2024-22235 Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
local
low complexity
vmware
6.7
6.7
2024-02-06 CVE-2024-22237 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
local
low complexity
vmware CWE-269
7.8
7.8
2024-02-06 CVE-2024-22238 Cross-site Scripting vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
network
low complexity
vmware CWE-79
4.8
4.8
2024-02-06 CVE-2024-22239 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
local
low complexity
vmware CWE-269
7.8
7.8
2024-02-06 CVE-2024-22240 Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
network
low complexity
vmware CWE-552
4.9
4.9
2024-02-06 CVE-2024-22241 Cross-site Scripting vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
network
low complexity
vmware CWE-79
4.8
4.8
2024-02-05 CVE-2023-34042 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit.
local
low complexity
vmware CWE-732
5.5
5.5