| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-23825 | 668 | | | 2022-07-14 | 2023-01-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
| 2 | CVE-2022-22946 | 295 | | | 2022-03-04 | 2022-07-25 | 2.1 | None | Local | Low | Not required | None | Partial | None |
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. |
| 3 | CVE-2022-22938 | | | | 2022-01-28 | 2022-02-04 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. |
| 4 | CVE-2022-21166 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 5 | CVE-2022-21125 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 6 | CVE-2022-21123 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 7 | CVE-2021-22020 | | | | 2021-09-23 | 2021-09-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. |
| 8 | CVE-2021-22007 | | | +Priv | 2021-09-23 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. |
| 9 | CVE-2021-21989 | 125 | | | 2021-05-24 | 2021-06-04 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain an out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 10 | CVE-2021-21988 | 125 | | | 2021-05-24 | 2021-06-04 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain an out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 11 | CVE-2021-21987 | 125 | | | 2021-05-24 | 2021-06-04 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain an out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 12 | CVE-2020-5397 | 352 | | CSRF | 2020-01-17 | 2022-07-25 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However, a notable exception to this is Chrome-based browsers when using client certificates for authentication, since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. |
| 13 | CVE-2020-3999 | 476 | | DoS | 2020-12-21 | 2021-07-21 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. |
| 14 | CVE-2020-3996 | | | +Info | 2020-10-22 | 2020-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. |
| 15 | CVE-2020-3990 | 190 | | Overflow +Info | 2020-09-16 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. |
| 16 | CVE-2020-3989 | 787 | | DoS | 2020-09-16 | 2020-09-28 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. |
| 17 | CVE-2020-3971 | 787 | | Overflow | 2020-06-25 | 2020-07-01 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. |
| 18 | CVE-2020-3965 | 125 | | +Info | 2020-06-25 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. |
| 19 | CVE-2020-3963 | 416 | | | 2020-06-25 | 2023-01-27 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. |
| 20 | CVE-2020-3959 | 119 | | DoS Overflow | 2020-05-29 | 2021-07-21 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. |
| 21 | CVE-2020-3958 | 20 | | DoS | 2020-05-29 | 2021-07-21 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. |
| 22 | CVE-2019-5535 | 20 | | | 2019-10-10 | 2021-07-21 | 2.9 | None | Local Network | Medium | Not required | None | None | Partial |
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7. |
| 23 | CVE-2018-6975 | 311 | | | 2018-09-11 | 2019-10-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. |
| 24 | CVE-2018-6971 | 532 | | | 2018-07-25 | 2019-10-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation. |
| 25 | CVE-2018-6963 | 476 | | | 2018-05-22 | 2018-06-26 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial-of-service of their guest machine. |
| 26 | CVE-2017-4966 | 200 | | +Info | 2017-06-13 | 2022-05-15 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. |
| 27 | CVE-2017-4945 | | | | 2018-01-05 | 2019-10-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default. |
| 28 | CVE-2017-4938 | 476 | | | 2017-11-17 | 2017-12-04 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
| 29 | CVE-2017-4925 | 476 | | | 2017-09-15 | 2022-02-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
| 30 | CVE-2017-4905 | 908 | | +Info | 2017-06-07 | 2022-02-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. |
| 31 | CVE-2017-4900 | 476 | | | 2017-06-07 | 2017-07-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
| 32 | CVE-2017-4896 | | | | 2017-05-10 | 2019-10-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
AirWatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. |
| 33 | CVE-2011-2146 | 200 | | +Info | 2011-06-06 | 2017-08-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. |
| 34 | CVE-2011-1788 | 200 | | +Info | 2011-05-09 | 2017-08-17 | 2.1 | None | Local | Low | Not required | Partial | None | None |
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. |
| 35 | CVE-2010-4655 | 665 | | +Info | 2011-07-18 | 2020-08-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. |
| 36 | CVE-2010-3277 | 264 | | | 2010-09-28 | 2010-09-29 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. |
| 37 | CVE-2010-3078 | 200 | | +Info | 2010-09-21 | 2020-08-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. |
| 38 | CVE-2010-2942 | 401 | | +Info | 2010-09-21 | 2020-08-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
| 39 | CVE-2010-2928 | 255 | | +Priv | 2011-02-16 | 2018-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file. |
| 40 | CVE-2010-2066 | | | | 2010-09-08 | 2020-08-14 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. |
| 41 | CVE-2009-2899 | 200 | | +Info | 2012-12-05 | 2012-12-24 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. |
| 42 | CVE-2009-0518 | 200 | | +Info | 2009-04-06 | 2017-09-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password. |
| 43 | CVE-2008-2101 | 200 | | +Info | 2008-09-03 | 2018-10-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. |
| 44 | CVE-2006-3547 | | | DoS | 2006-07-13 | 2018-10-18 | 2.6 | None | Remote | High | Not required | None | None | Partial |
** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed. |
| 45 | CVE-2005-3620 | | | +Priv | 2005-12-31 | 2018-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges. |