| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-6366 |
94 |
1
|
Exec Code |
2013-11-04 |
2013-11-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. |
|
2 |
CVE-2012-0903 |
79 |
1
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. |
|
3 |
CVE-2022-31655 |
79 |
|
XSS |
2022-07-12 |
2022-07-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. |
|
4 |
CVE-2022-31654 |
79 |
|
XSS |
2022-07-12 |
2022-07-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. |
|
5 |
CVE-2022-29901 |
668 |
|
Exec Code Bypass |
2022-07-12 |
2023-02-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
|
6 |
CVE-2022-27772 |
668 |
|
|
2022-03-30 |
2022-04-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. |
|
7 |
CVE-2022-23825 |
668 |
|
|
2022-07-14 |
2023-01-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
|
8 |
CVE-2022-22980 |
917 |
|
|
2022-06-23 |
2022-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. |
|
9 |
CVE-2022-22979 |
770 |
|
|
2022-06-21 |
2022-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. |
|
10 |
CVE-2022-22976 |
190 |
|
Overflow |
2022-05-19 |
2023-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
|
11 |
CVE-2022-22975 |
74 |
|
|
2022-05-11 |
2022-05-19 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership. |
|
12 |
CVE-2022-22971 |
770 |
|
DoS |
2022-05-12 |
2022-10-05 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. |
|
13 |
CVE-2022-22970 |
770 |
|
|
2022-05-12 |
2022-10-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. |
|
14 |
CVE-2022-22968 |
178 |
|
|
2022-04-14 |
2022-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. |
|
15 |
CVE-2022-22966 |
|
|
Exec Code +Priv |
2022-04-14 |
2022-04-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. |
|
16 |
CVE-2022-22953 |
200 |
|
+Info |
2022-06-16 |
2022-06-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. |
|
17 |
CVE-2022-22950 |
770 |
|
DoS |
2022-04-01 |
2022-06-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. |
|
18 |
CVE-2022-22948 |
276 |
|
|
2022-03-29 |
2022-04-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. |
|
19 |
CVE-2022-22947 |
94 |
|
Exec Code |
2022-03-03 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. |
|
20 |
CVE-2022-22946 |
295 |
|
|
2022-03-04 |
2023-02-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. |
|
21 |
CVE-2022-22944 |
79 |
|
XSS |
2022-03-02 |
2022-03-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window. |
|
22 |
CVE-2022-22939 |
532 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. |
|
23 |
CVE-2022-22938 |
|
|
|
2022-01-28 |
2022-02-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. |
|
24 |
CVE-2022-21166 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
25 |
CVE-2022-21125 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
26 |
CVE-2022-21123 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
27 |
CVE-2021-32719 |
79 |
|
Exec Code XSS |
2021-06-28 |
2021-07-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead. |
|
28 |
CVE-2021-32718 |
79 |
|
Exec Code XSS |
2021-06-28 |
2021-12-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. |
|
29 |
CVE-2021-22119 |
863 |
|
|
2021-06-29 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. |
|
30 |
CVE-2021-22118 |
668 |
|
|
2021-05-27 |
2022-10-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |
|
31 |
CVE-2021-22116 |
20 |
|
DoS |
2021-06-08 |
2022-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. |
|
32 |
CVE-2021-22114 |
22 |
|
Dir. Trav. |
2021-03-01 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. |
|
33 |
CVE-2021-22113 |
863 |
|
Bypass |
2021-02-23 |
2021-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. |
|
34 |
CVE-2021-22097 |
502 |
|
|
2021-10-28 |
2021-11-01 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. |
|
35 |
CVE-2021-22096 |
|
|
|
2021-10-28 |
2022-04-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
|
36 |
CVE-2021-22095 |
502 |
|
|
2021-11-30 |
2021-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message |
|
37 |
CVE-2021-22060 |
|
|
|
2022-01-10 |
2022-05-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. |
|
38 |
CVE-2021-22055 |
74 |
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. |
|
39 |
CVE-2021-22054 |
918 |
|
|
2021-12-17 |
2021-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
|
40 |
CVE-2021-22053 |
94 |
|
Exec Code |
2021-11-19 |
2021-11-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. |
|
41 |
CVE-2021-22051 |
863 |
|
|
2021-11-08 |
2021-11-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. |
|
42 |
CVE-2021-22050 |
770 |
|
|
2022-02-16 |
2022-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests. |
|
43 |
CVE-2021-22048 |
|
|
|
2021-11-10 |
2023-01-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. |
|
44 |
CVE-2021-22047 |
668 |
|
|
2021-10-28 |
2021-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. |
|
45 |
CVE-2021-22045 |
787 |
|
Exec Code Overflow |
2022-01-04 |
2022-01-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. |
|
46 |
CVE-2021-22044 |
668 |
|
|
2021-10-28 |
2022-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. |
|
47 |
CVE-2021-22043 |
367 |
|
|
2022-02-16 |
2022-02-24 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. |
|
48 |
CVE-2021-22042 |
863 |
|
|
2022-02-16 |
2022-02-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. |
|
49 |
CVE-2021-22041 |
|
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
|
50 |
CVE-2021-22040 |
416 |
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
