Vulnerabilities > Vmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-03-04 CVE-2025-22226 Unspecified vulnerability in VMware products
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
local
low complexity
vmware
6.0
2024-10-18 CVE-2024-38820 Unspecified vulnerability in VMware Spring Framework
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.
network
low complexity
vmware
5.3
2024-07-04 CVE-2024-22277 Cross-site Scripting vulnerability in VMware Cloud Director
VMware Cloud Director Availability contains an HTML injection vulnerability.
network
low complexity
vmware CWE-79
5.4
2024-05-14 CVE-2024-22268 Out-of-bounds Write vulnerability in VMware Fusion and Workstation
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.
local
low complexity
vmware CWE-787
6.5
2024-03-07 CVE-2024-22256 Unspecified vulnerability in VMware Cloud Director 10.4.0/10.5
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
network
low complexity
vmware
4.3
2024-03-05 CVE-2024-22252 Use After Free vulnerability in VMware ESXi, Fusion and Workstation
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
local
low complexity
vmware CWE-416
6.7
2024-02-21 CVE-2024-22235 Unspecified vulnerability in VMware Aria Operations and Cloud Foundation
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
local
low complexity
vmware
6.7
2024-02-06 CVE-2024-22238 Cross-site Scripting vulnerability in VMware Aria Operations for Networks
Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
network
low complexity
vmware CWE-79
4.8
2024-02-06 CVE-2024-22240 Files or Directories Accessible to External Parties vulnerability in VMware Aria Operations for Networks
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
network
low complexity
vmware CWE-552
4.9
2024-02-06 CVE-2024-22241 Cross-site Scripting vulnerability in VMware Aria Operations for Networks
Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account.
network
low complexity
vmware CWE-79
4.8