vmware
950 tracked vulnerabilities.
CVE-2022-31654
MEDIUM
VMware vRealize Log Insight < 8.8.2 - Stored Cross-Site Scripting in Configurations
Jul 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-29901
MEDIUM
Intel Core i7 Firmware - Spectre Retpoline Bypass Exposes Sensitive Information
Jul 12, 2022
CVSS 5.6
EPSS 0.00
CVE-2022-22980
CRITICAL
Spring Data MongoDB - Code Injection
Jun 23, 2022
CVSS 9.8
EPSS 0.83
CVE-2022-22979
HIGH
Spring Cloud Function < 3.2.6 - Denial of Service via Function Catalog Caching Issue
Jun 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-22953
MEDIUM
VMware HCX - Information Disclosure
Jun 16, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-21166
MEDIUM
Xen < 1.14.100.3 - Information Disclosure
Jun 15, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-21125
MEDIUM
Xen - Incomplete Cleanup of Microarchitectural Fill Buffers
Jun 15, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-21123
MEDIUM
Xen - Incomplete Cleanup Information Disclosure
Jun 15, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-22977
HIGH
VMware Tools 10.0.0-10.3.24 - XML External Entity Injection
May 24, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-22973
HIGH
VMware Workspace ONE Access and Identity Manager - Local Privilege Escalation to Root
May 20, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-22972
CRITICAL
NUCLEI
VMware Identity Manager Workspace ONE Access and vRealize Automation - Authentication Bypass
May 20, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-22978
CRITICAL
Spring Security < 5.5.7 - Authorization Bypass via RegexRequestMatcher Misconfiguration
May 19, 2022
CVSS 9.8
EPSS 0.89
CVE-2022-22976
MEDIUM
Spring Security 5.5.x < 5.5.7 and 5.6.x < 5.6.4 - Integer Overflow in BCrypt Work Factor
May 19, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-22971
MEDIUM
Spring Framework 5.2.0-5.2.20 and 5.3.0-5.3.19 - Authenticated Denial of Service via STOMP over WebSocket
May 12, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22970
MEDIUM
Spring Framework < 5.2.22 - Denial of Service via File Upload Data Binding
May 12, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-22975
MEDIUM
Pinniped 0.9.0-0.16.9 - LDAP Query Injection via Common Name Manipulation
May 11, 2022
CVSS 6.6
EPSS 0.00
CVE-2022-22968
MEDIUM
Spring Framework <5.3.18,<5.2.20 - Info Disclosure
Apr 14, 2022
CVSS 5.3
EPSS 0.21
CVE-2022-22966
HIGH
VMware Cloud Director 10.1.0-10.1.4.1 - Authenticated Remote Code Execution
Apr 14, 2022
CVSS 7.2
EPSS 0.06
CVE-2022-22961
MEDIUM
VMware Workspace ONE Access, Identity Manager, vRealize Automation - Information Disclosure
Apr 13, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-22960
HIGH
KEV
VMware Workspace ONE Access CVE-2022-22960
Apr 13, 2022
CVSS 7.8
EPSS 0.72
CVE-2022-22959
MEDIUM
VMware Workspace ONE Access, Identity Manager & vRealize Automation - CSRF via JDBC URI
Apr 13, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-22958
HIGH
VMware Workspace ONE Access, Identity Manager, vRealize Automation - Remote Code Execution via JDBC URI Deserialization
Apr 13, 2022
CVSS 7.2
EPSS 0.03
CVE-2022-22957
HIGH
VMware Workspace ONE Access and Identity Manager - Remote Code Execution via JDBC URI Deserialization
Apr 13, 2022
CVSS 7.2
EPSS 0.43
CVE-2022-22956
CRITICAL
NUCLEI
VMware Workspace ONE Access - Authentication Bypass via OAuth2 ACS Framework
Apr 13, 2022
CVSS 9.8
EPSS 0.85
CVE-2022-22955
CRITICAL
VMware Workspace ONE Access - Authentication Bypass via OAuth2 ACS Framework
Apr 13, 2022
CVSS 9.8
EPSS 0.70
Products
workstation 213
esxi 139
cloud_foundation 132
fusion 131
player 89
esx 86
vcenter_server 79
server 58
spring_framework 48
ace 44
identity_manager 28
workstation_pro 27
workstation_player 26
horizon_client 25
spring_security 24
Workstation 23
tools 22
vrealize_suite_lifecycle_manager 21
vrealize_automation 20
spring_boot 18
vrealize_operations 18
ESXi 16
vmware_workstation 15
vrealize_log_insight 15
workspace_one_access 15
horizon_view 14
spring_ai 14
vcenter_server_appliance 14
Fusion 13
aria_operations 13