| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-6366 |
94 |
1
|
Exec Code |
2013-11-04 |
2013-11-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. |
|
2 |
CVE-2012-0903 |
79 |
1
|
XSS |
2012-01-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. |
|
3 |
CVE-2022-27772 |
668 |
|
|
2022-03-30 |
2022-04-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. |
|
4 |
CVE-2022-22980 |
917 |
|
|
2022-06-23 |
2022-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. |
|
5 |
CVE-2022-22979 |
770 |
|
|
2022-06-21 |
2022-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. |
|
6 |
CVE-2022-22976 |
190 |
|
Overflow |
2022-05-19 |
2023-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
|
7 |
CVE-2022-22975 |
74 |
|
|
2022-05-11 |
2022-05-19 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership. |
|
8 |
CVE-2022-22971 |
770 |
|
DoS |
2022-05-12 |
2022-10-05 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. |
|
9 |
CVE-2022-22968 |
178 |
|
|
2022-04-14 |
2022-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. |
|
10 |
CVE-2022-22966 |
|
|
Exec Code +Priv |
2022-04-14 |
2022-04-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. |
|
11 |
CVE-2022-22953 |
200 |
|
+Info |
2022-06-16 |
2022-06-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. |
|
12 |
CVE-2022-22950 |
770 |
|
DoS |
2022-04-01 |
2022-06-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. |
|
13 |
CVE-2022-22948 |
276 |
|
|
2022-03-29 |
2022-04-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. |
|
14 |
CVE-2022-22947 |
94 |
|
Exec Code |
2022-03-03 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. |
|
15 |
CVE-2022-22939 |
532 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. |
|
16 |
CVE-2021-22119 |
863 |
|
|
2021-06-29 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. |
|
17 |
CVE-2021-22118 |
668 |
|
|
2021-05-27 |
2022-10-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |
|
18 |
CVE-2021-22116 |
20 |
|
DoS |
2021-06-08 |
2022-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. |
|
19 |
CVE-2021-22114 |
22 |
|
Dir. Trav. |
2021-03-01 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. |
|
20 |
CVE-2021-22113 |
863 |
|
Bypass |
2021-02-23 |
2021-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. |
|
21 |
CVE-2021-22097 |
502 |
|
|
2021-10-28 |
2021-11-01 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. |
|
22 |
CVE-2021-22096 |
|
|
|
2021-10-28 |
2022-04-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
|
23 |
CVE-2021-22095 |
502 |
|
|
2021-11-30 |
2021-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message |
|
24 |
CVE-2021-22060 |
|
|
|
2022-01-10 |
2022-05-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. |
|
25 |
CVE-2021-22055 |
74 |
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. |
|
26 |
CVE-2021-22054 |
918 |
|
|
2021-12-17 |
2021-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
|
27 |
CVE-2021-22053 |
94 |
|
Exec Code |
2021-11-19 |
2021-11-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. |
|
28 |
CVE-2021-22051 |
863 |
|
|
2021-11-08 |
2021-11-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. |
|
29 |
CVE-2021-22050 |
770 |
|
|
2022-02-16 |
2022-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests. |
|
30 |
CVE-2021-22048 |
|
|
|
2021-11-10 |
2023-01-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. |
|
31 |
CVE-2021-22047 |
668 |
|
|
2021-10-28 |
2021-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. |
|
32 |
CVE-2021-22045 |
787 |
|
Exec Code Overflow |
2022-01-04 |
2022-01-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. |
|
33 |
CVE-2021-22044 |
668 |
|
|
2021-10-28 |
2022-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. |
|
34 |
CVE-2021-22043 |
367 |
|
|
2022-02-16 |
2022-02-24 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. |
|
35 |
CVE-2021-22042 |
863 |
|
|
2022-02-16 |
2022-02-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. |
|
36 |
CVE-2021-22041 |
|
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
|
37 |
CVE-2021-22040 |
416 |
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
|
38 |
CVE-2021-22038 |
330 |
|
+Priv |
2021-10-29 |
2021-11-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. |
|
39 |
CVE-2021-22037 |
427 |
|
|
2021-10-29 |
2021-11-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. |
|
40 |
CVE-2021-22036 |
200 |
|
+Info |
2021-10-13 |
2021-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. |
|
41 |
CVE-2021-22035 |
74 |
|
|
2021-10-13 |
2021-10-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. |
|
42 |
CVE-2021-22034 |
|
|
|
2021-10-21 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. |
|
43 |
CVE-2021-22033 |
918 |
|
|
2021-10-13 |
2021-10-19 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |
|
44 |
CVE-2021-22029 |
770 |
|
DoS |
2021-08-31 |
2021-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. |
|
45 |
CVE-2021-22027 |
918 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
|
46 |
CVE-2021-22026 |
918 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
|
47 |
CVE-2021-22025 |
287 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. |
|
48 |
CVE-2021-22024 |
532 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. |
|
49 |
CVE-2021-22023 |
639 |
|
|
2021-08-30 |
2022-02-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. |
|
50 |
CVE-2021-22022 |
22 |
|
Dir. Trav. |
2021-08-30 |
2022-02-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. |
