Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22237 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
local
low complexity
vmware CWE-269
7.8
2024-02-06 CVE-2024-22239 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
local
low complexity
vmware CWE-269
7.8
2024-01-22 CVE-2024-22233 Unspecified vulnerability in VMWare Spring Framework 6.0.15/6.1.2
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
network
low complexity
vmware
7.5
2024-01-16 CVE-2023-34063 Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
network
low complexity
vmware CWE-862
8.3
2023-12-13 CVE-2022-22942 Use After Free vulnerability in VMWare Photon OS 3.0/4.0
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
local
low complexity
vmware CWE-416
7.8
2023-11-28 CVE-2023-34053 Unspecified vulnerability in VMWare Spring Framework
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
network
low complexity
vmware
7.5
2023-10-27 CVE-2023-34057 Improper Privilege Management vulnerability in VMWare Tools
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
local
low complexity
vmware CWE-269
7.8
2023-10-27 CVE-2023-34058 Improper Verification of Cryptographic Signature vulnerability in multiple products
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5
2023-10-27 CVE-2023-34059 open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
local
high complexity
vmware debian
7.0
2023-10-25 CVE-2023-46120 Resource Exhaustion vulnerability in VMWare Rabbitmq Java Client
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes.
network
low complexity
vmware CWE-400
7.5