vmware

950 tracked vulnerabilities.

CVE-2024-38833 MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting via Email Template Injection
Nov 26, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-38832 HIGH
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting in View Editing
Nov 26, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-38831 HIGH
VMware Aria Operations 8.0-8.18.1 - Authenticated Local Privilege Escalation via Properties File Injection
Nov 26, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-38830 HIGH
VMware Aria Operations 8.0-8.18.1 - Local Privilege Escalation to Root
Nov 26, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-38820 LOW
Spring Framework 5.3.0-5.3.40 and 6.1.0-6.1.13 - Case Sensitivity Bypass in DataBinder DisallowedFields
Oct 18, 2024
CVSS 3.1
EPSS 0.02
CVE-2024-38814 HIGH
VMware HCX >=4.8.0 <4.8.2 - Authenticated SQL Injection and Remote Code Execution
Oct 16, 2024
CVSS 8.8
EPSS 0.26
CVE-2024-38813 HIGH KEV
VMware Cloud Foundation >=4.0 <5.2 and vCenter Server - Privilege Escalation to Root via Network Packet
Sep 17, 2024
CVSS 7.5
EPSS 0.30
CVE-2024-38812 CRITICAL KEV
VMware Cloud Foundation 4.0-5.1 - Heap-based Buffer Overflow via DCERPC Protocol
Sep 17, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-38811 HIGH
VMware Fusion 13.0.0-13.5 - Authenticated Remote Code Execution via Insecure Environment Variable
Sep 03, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-38808 MEDIUM
Spring Framework 5.3.0-5.3.38 - Denial of Service via SpEL Expression Parsing
Aug 20, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-38810 MEDIUM
Spring Security 6.3.0-6.3.1 - Missing Authorization via @AuthorizeReturnObject Annotation
Aug 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-37084 CRITICAL
Spring Cloud Data Flow < 2.11.4 - Authenticated Arbitrary File Write via Skipper Server API
Jul 25, 2024
CVSS 9.8
EPSS 0.83
CVE-2024-22280 HIGH
VMware Aria Automation - SQL Injection
Jul 11, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-22277 MEDIUM
VMware Cloud Director Availability - XSS
Jul 04, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-22232 HIGH
Salt File Server < unknown - Path Traversal
Jun 27, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-22231 MEDIUM
Salt < 3005.5 - Directory Traversal via Syndic Cache Directory Creation
Jun 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-37087 MEDIUM
VMware Cloud Foundation >=4.0 <5.2 and vCenter Server - Denial of Service
Jun 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-37086 MEDIUM
VMware ESXi - Denial of Service via Out-of-Bounds Read
Jun 25, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-37085 MEDIUM KEV
VMware ESXi - Authentication Bypass via Recreated Active Directory Group
Jun 25, 2024
CVSS 6.8
EPSS 0.77
CVE-2024-37081 HIGH
vCenter Sudo Privilege Escalation
Jun 18, 2024
CVSS 7.8
EPSS 0.50
CVE-2024-37080 CRITICAL
VMware vCenter Server - Heap-based Buffer Overflow via DCERPC Protocol
Jun 18, 2024
CVSS 9.8
EPSS 0.25
CVE-2024-37079 CRITICAL KEV
VMware Cloud Foundation 4.0-5.1 - Remote Code Execution via DCERPC Heap Overflow
Jun 18, 2024
CVSS 9.8
EPSS 0.82
CVE-2024-22275 MEDIUM
VMware Cloud Foundation 4.0-5.1.0 - Authenticated Partial File Read
May 21, 2024
CVSS 4.9
EPSS 0.12
CVE-2024-22274 HIGH
VMware vCenter Server - Authenticated Appliance Shell Command Execution
May 21, 2024
CVSS 7.2
EPSS 0.63
CVE-2024-22273 HIGH
VMware ESXi, Workstation, Fusion - Memory Corruption
May 21, 2024
CVSS 8.1
EPSS 0.00
Products
workstation 213 esxi 139 cloud_foundation 132 fusion 131 player 89 esx 86 vcenter_server 79 server 58 spring_framework 48 ace 44 identity_manager 28 workstation_pro 27 workstation_player 26 horizon_client 25 spring_security 24 Workstation 23 tools 22 vrealize_suite_lifecycle_manager 21 vrealize_automation 20 spring_boot 18 vrealize_operations 18 ESXi 16 vmware_workstation 15 vrealize_log_insight 15 workspace_one_access 15 horizon_view 14 spring_ai 14 vcenter_server_appliance 14 Fusion 13 aria_operations 13
Quick Filters
Critical CVEs With Exploits In CISA KEV