Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22239 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
local
low complexity
vmware CWE-269
7.8
2024-01-22 CVE-2024-22233 Unspecified vulnerability in VMWare Spring Framework 6.0.15/6.1.2
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
network
low complexity
vmware
7.5
2024-01-16 CVE-2023-34063 Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
network
low complexity
vmware CWE-862
8.3
2023-12-13 CVE-2022-22942 Use After Free vulnerability in VMWare Photon OS 3.0/4.0
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
local
low complexity
vmware CWE-416
7.8
2023-11-28 CVE-2023-34053 Unspecified vulnerability in VMWare Spring Framework
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
network
low complexity
vmware
7.5
2023-10-27 CVE-2023-34057 Improper Privilege Management vulnerability in VMWare Tools
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
local
low complexity
vmware CWE-269
7.8
2023-10-27 CVE-2023-34058 Improper Verification of Cryptographic Signature vulnerability in multiple products
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5
2023-10-27 CVE-2023-34059 open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
local
high complexity
vmware debian
7.0
2023-10-25 CVE-2023-46120 Resource Exhaustion vulnerability in VMWare Rabbitmq Java Client
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes.
network
low complexity
vmware CWE-400
7.5
2023-10-20 CVE-2023-34045 Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1/13.0.2
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
local
low complexity
vmware
7.8