Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-18 | CVE-2024-37080 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | 9.8 |
2024-03-07 | CVE-2024-22256 | Unspecified vulnerability in VMWare Cloud Director 10.4.0/10.5 VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. | 4.3 |
2024-02-06 | CVE-2024-22237 | Improper Privilege Management vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | 7.8 |
2024-02-06 | CVE-2024-22238 | Cross-site Scripting vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | 4.8 |
2024-02-06 | CVE-2024-22239 | Improper Privilege Management vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | 7.8 |
2024-02-06 | CVE-2024-22240 | Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | 4.9 |
2024-02-06 | CVE-2024-22241 | Cross-site Scripting vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | 4.8 |
2024-02-05 | CVE-2023-34042 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. | 5.5 |
2024-01-31 | CVE-2024-22236 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Cloud Contract In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | 5.5 |
2024-01-22 | CVE-2024-22233 | Unspecified vulnerability in VMWare Spring Framework 6.0.15/6.1.2 In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. | 7.5 |