Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2009-1142 | Link Following vulnerability in VMWare Open VM Tools 2009.03.18154848 An issue was discovered in open-vm-tools 2009.03.18-154848. | 6.7 |
| 2022-11-09 | CVE-2022-31688 | Cross-site Scripting vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. | 6.1 |
| 2022-10-11 | CVE-2022-31682 | Unspecified vulnerability in VMWare Vrealize Operations VMware Aria Operations contains an arbitrary file read vulnerability. | 4.9 |
| 2022-10-07 | CVE-2022-31681 | NULL Pointer Dereference vulnerability in VMWare Esxi VMware ESXi contains a null-pointer deference vulnerability. | 6.5 |
| 2022-07-14 | CVE-2022-23825 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | 6.5 |
| 2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
| 2022-06-23 | CVE-2022-22980 | Expression Language Injection vulnerability in VMWare Spring Data Mongodb A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | 6.8 |
| 2022-06-21 | CVE-2022-22979 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Cloud Function In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | 5.0 |
| 2022-06-16 | CVE-2022-22953 | Unspecified vulnerability in VMWare HCX 4.3.1/4.3.2 VMware HCX update addresses an information disclosure vulnerability. | 6.5 |
| 2022-06-15 | CVE-2022-21166 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |