CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vmware : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-27772 668 2022-03-30 2022-04-07
4.6
None Local Low Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
2 CVE-2022-22976 190 Overflow 2022-05-19 2022-07-25
4.3
None Remote Medium Not required Partial None None
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
3 CVE-2022-22971 770 DoS 2022-05-12 2022-10-05
4.0
None Remote Low ??? None None Partial
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
4 CVE-2022-22953 200 +Info 2022-06-16 2022-06-27
4.0
None Remote Low ??? Partial None None
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
5 CVE-2022-22950 770 DoS 2022-04-01 2022-06-22
4.0
None Remote Low ??? None None Partial
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
6 CVE-2022-22948 276 2022-03-29 2022-04-08
4.0
None Remote Low ??? Partial None None
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
7 CVE-2022-22939 532 2022-02-04 2022-02-10
4.0
None Remote Low ??? Partial None None
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
8 CVE-2021-22118 668 2021-05-27 2022-10-25
4.6
None Local Low Not required Partial Partial Partial
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
9 CVE-2021-22116 20 DoS 2021-06-08 2022-10-25
4.3
None Remote Medium Not required None None Partial
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
10 CVE-2021-22113 863 Bypass 2021-02-23 2021-03-02
4.3
None Remote Medium Not required None Partial None
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.
11 CVE-2021-22096 2021-10-28 2022-04-28
4.0
None Remote Low ??? None Partial None
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
12 CVE-2021-22095 502 2021-11-30 2021-12-01
4.0
None Remote Low ??? None None Partial
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message
13 CVE-2021-22060 2022-01-10 2022-05-13
4.0
None Remote Low ??? None Partial None
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
14 CVE-2021-22051 863 2021-11-08 2021-11-09
4.0
None Remote Low ??? None Partial None
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
15 CVE-2021-22047 668 2021-10-28 2021-11-01
4.3
None Remote Medium Not required Partial None None
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
16 CVE-2021-22042 863 2022-02-16 2022-02-25
4.6
None Local Low Not required Partial Partial Partial
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
17 CVE-2021-22041 Exec Code 2022-02-16 2022-02-24
4.6
None Local Low Not required Partial Partial Partial
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
18 CVE-2021-22040 416 Exec Code 2022-02-16 2022-02-24
4.6
None Local Low Not required Partial Partial Partial
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
19 CVE-2021-22037 427 2021-10-29 2021-11-03
4.4
None Local Medium Not required Partial Partial Partial
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
20 CVE-2021-22036 200 +Info 2021-10-13 2021-10-20
4.3
None Remote Medium Not required Partial None None
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.
21 CVE-2021-22035 74 2021-10-13 2021-10-20
4.0
None Remote Low ??? None Partial None
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
22 CVE-2021-22033 918 2021-10-13 2021-10-19
4.0
None Remote Low ??? Partial None None
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
23 CVE-2021-22022 22 Dir. Trav. 2021-08-30 2022-02-01
4.0
None Remote Low ??? Partial None None
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
24 CVE-2021-22016 79 XSS 2021-09-23 2021-09-27
4.3
None Remote Medium Not required None Partial None
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
25 CVE-2021-21993 918 2021-09-23 2021-09-27
4.0
None Remote Low ??? Partial None None
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
26 CVE-2021-21991 2021-09-22 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
27 CVE-2021-21990 79 XSS 2021-05-11 2022-06-05
4.3
None Remote Medium Not required None Partial None
VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.
28 CVE-2021-21981 269 2021-04-19 2021-04-22
4.6
None Local Low Not required Partial Partial Partial
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
29 CVE-2020-11652 22 Dir. Trav. 2020-04-30 2022-05-03
4.0
None Remote Low ??? Partial None None
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
30 CVE-2020-10713 120 Exec Code Overflow Bypass 2020-07-30 2022-11-16
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
31 CVE-2020-5426 319 2020-11-11 2020-12-01
4.3
None Remote Medium Not required Partial None None
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.
32 CVE-2020-5425 287 2020-10-31 2020-11-17
4.6
None Remote High ??? Partial Partial Partial
Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.
33 CVE-2020-5419 427 Exec Code 2020-08-31 2022-03-17
4.6
None Local Low Not required Partial Partial Partial
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
34 CVE-2020-5412 610 2020-08-07 2020-08-11
4.0
None Remote Low ??? Partial None None
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
35 CVE-2020-5408 330 2020-05-14 2021-06-14
4.0
None Remote Low ??? Partial None None
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
36 CVE-2020-5406 522 2020-04-10 2020-04-13
4.0
None Remote Low ??? Partial None None
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
37 CVE-2020-5405 22 Dir. Trav. 2020-03-05 2020-03-07
4.3
None Remote Medium Not required None Partial None
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
38 CVE-2020-4004 416 Exec Code 2020-11-20 2020-12-03
4.6
None Local Low Not required Partial Partial Partial
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
39 CVE-2020-4003 89 Sql 2020-11-24 2020-12-07
4.0
None Remote Low ??? Partial None None
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.
40 CVE-2020-3993 2020-10-20 2020-10-30
4.3
None Remote Medium Not required None Partial None
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
41 CVE-2020-3984 89 Sql 2020-11-24 2020-12-07
4.0
None Remote Low ??? Partial None None
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.
42 CVE-2020-3982 787 2020-10-20 2020-10-30
4.9
None Remote Medium ??? None Partial Partial
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
43 CVE-2020-3977 306 Bypass 2020-09-22 2020-09-30
4.0
None Remote Low ??? None Partial None
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
44 CVE-2020-3969 193 Exec Code Overflow 2020-06-24 2020-07-01
4.4
None Local Medium Not required Partial Partial Partial
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
45 CVE-2020-3968 787 DoS Exec Code 2020-06-25 2020-07-01
4.6
None Local Low Not required Partial Partial Partial
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
46 CVE-2020-3967 787 Exec Code Overflow 2020-06-25 2020-07-01
4.4
None Local Medium Not required Partial Partial Partial
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
47 CVE-2020-3962 416 Exec Code 2020-06-24 2020-07-01
4.4
None Local Medium Not required Partial Partial Partial
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
48 CVE-2020-3955 79 XSS 2020-04-29 2020-05-08
4.3
None Remote Medium Not required None Partial None
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
49 CVE-2020-3948 269 2020-03-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
50 CVE-2020-3940 295 2020-01-17 2020-01-27
4.3
None Remote Medium Not required Partial None None
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
Total number of vulnerabilities : 137   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.