Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-04	CVE-2025-22226	Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. local low complexity vmware	6.0
2025-01-30	CVE-2025-22220	Unspecified vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. network low complexity vmware	5.4
2025-01-30	CVE-2025-22221	Unspecified vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. network low complexity vmware	4.8
2025-01-30	CVE-2025-22222	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. network low complexity vmware	6.5
2024-11-26	CVE-2024-38832	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. network low complexity vmware	6.4
2024-11-26	CVE-2024-38833	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. network low complexity vmware	5.4
2024-11-26	CVE-2024-38834	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. network low complexity vmware	4.8
2024-10-18	CVE-2024-38820	Unspecified vulnerability in VMWare Spring Framework The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. network low complexity vmware	5.3
2024-07-04	CVE-2024-22277	Cross-site Scripting vulnerability in VMWare Cloud Director VMware Cloud Director Availability contains an HTML injection vulnerability. network low complexity vmware CWE-79	5.4
2024-05-14	CVE-2024-22268	Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. local low complexity vmware CWE-787	6.5