Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2022-22950 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Framework n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | 6.5 |
| 2022-03-29 | CVE-2022-22948 | Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. | 6.5 |
| 2022-03-04 | CVE-2022-22946 | Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. | 5.5 |
| 2022-03-03 | CVE-2022-22943 | Uncontrolled Search Path Element vulnerability in VMWare Tools VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. | 6.7 |
| 2022-03-02 | CVE-2022-22944 | Cross-site Scripting vulnerability in VMWare Workspace ONE Boxer VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. | 5.4 |
| 2022-02-16 | CVE-2021-22040 | Use After Free vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | 6.7 |
| 2022-02-16 | CVE-2021-22041 | Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | 6.7 |
| 2022-02-04 | CVE-2022-22939 | Information Exposure Through Log Files vulnerability in VMWare Cloud Foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. | 4.9 |
| 2022-01-28 | CVE-2022-22938 | Unspecified vulnerability in VMWare Horizon and Workstation VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. | 6.5 |
| 2022-01-10 | CVE-2021-22060 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.3 |