Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-05	CVE-2022-31663	Cross-site Scripting vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. network low complexity vmware CWE-79	6.1
2022-07-14	CVE-2022-23825	Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. local low complexity debian fedoraproject amd vmware CWE-668	6.5
2022-07-12	CVE-2022-31654	Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. network low complexity vmware CWE-79	5.4
2022-07-12	CVE-2022-31655	Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. network low complexity vmware CWE-79	5.4
2022-07-12	CVE-2022-29901	Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. local low complexity intel xen fedoraproject vmware debian CWE-668	6.5
2022-06-16	CVE-2022-22953	Unspecified vulnerability in VMWare HCX 4.3.1/4.3.2 VMware HCX update addresses an information disclosure vulnerability. network low complexity vmware	6.5
2022-06-15	CVE-2022-21166	Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity xen fedoraproject intel vmware debian CWE-459	5.5
2022-06-15	CVE-2022-21123	Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity xen fedoraproject intel vmware debian CWE-459	5.5
2022-06-15	CVE-2022-21125	Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity xen fedoraproject intel vmware debian CWE-459	5.5
2022-05-19	CVE-2022-22976	Integer Overflow or Wraparound vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. network low complexity vmware oracle netapp CWE-190	5.3