Vulnerabilities > Vmware > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-03-02 | CVE-2022-22944 | Cross-site Scripting vulnerability in VMware Workspace ONE Boxer | VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. | network | low | vmware | CWE-79 | 5.4 |
| 2022-02-16 | CVE-2021-22040 | Use After Free vulnerability in VMware products | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | local | low | vmware | CWE-416 | 6.7 |
| 2022-02-16 | CVE-2021-22041 | Unspecified vulnerability in VMware products | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | local | low | vmware | | 6.7 |
| 2022-02-04 | CVE-2022-22939 | Information Exposure Through Log Files vulnerability in VMware Cloud Foundation | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. | network | low | vmware | CWE-532 | 4.9 |
| 2022-01-28 | CVE-2022-22938 | Unspecified vulnerability in VMware Horizon and Workstation | VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. | local | low | vmware | | 6.5 |
| 2022-01-10 | CVE-2021-22060 | | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | network | low | vmware, oracle | | 4.3 |
| 2021-11-30 | CVE-2021-22095 | Deserialization of Untrusted Data vulnerability in VMware Spring Advanced Message Queuing Protocol | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. | network | low | vmware | CWE-502 | 6.5 |
| 2021-11-08 | CVE-2021-22051 | Incorrect Authorization vulnerability in VMware Spring Cloud Gateway | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. | network | low | vmware | CWE-863 | 6.5 |
| 2021-10-28 | CVE-2021-22047 | Exposure of Resource to Wrong Sphere vulnerability in VMware Spring Data Rest | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | network | low | vmware | CWE-668 | 5.3 |
| 2021-10-28 | CVE-2021-22096 | | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | network | low | vmware, netapp, oracle | | 4.3 |