Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-22236 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Cloud Contract In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | 5.5 |
| 2024-01-22 | CVE-2024-22233 | Unspecified vulnerability in VMWare Spring Framework 6.0.15/6.1.2 In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. | 7.5 |
| 2024-01-16 | CVE-2023-34063 | Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | 8.3 |
| 2023-12-13 | CVE-2022-22942 | Use After Free vulnerability in VMWare Photon OS 3.0/4.0 The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | 7.8 |
| 2023-12-12 | CVE-2023-34064 | Unspecified vulnerability in VMWare Workspace ONE Launcher Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. low complexity vmware | 4.6 |
| 2023-11-28 | CVE-2023-34053 | Unspecified vulnerability in VMWare Spring Framework In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | 7.5 |
| 2023-11-28 | CVE-2023-34055 | Unspecified vulnerability in VMWare Spring Boot In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath | 6.5 |
| 2023-11-14 | CVE-2023-34060 | Missing Authentication for Critical Function vulnerability in VMWare Cloud Director 10.4.0 VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . | 9.8 |
| 2023-10-31 | CVE-2023-20886 | Open Redirect vulnerability in VMWare Workspace ONE UEM VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. | 6.1 |
| 2023-10-27 | CVE-2023-34057 | Improper Privilege Management vulnerability in VMWare Tools VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. | 7.8 |