vmware

950 tracked vulnerabilities.

CVE-2023-20872 HIGH
VMware Fusion and Workstation - Out-of-bounds Write in SCSI CD/DVD Device Emulation
Apr 25, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-20871 HIGH
VMware Fusion 13.0.0-13.0.1 - Local Privilege Escalation
Apr 25, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-29552 HIGH KEV
SLP - Denial of Service
Apr 25, 2023
CVSS 7.5
EPSS 0.92
CVE-2023-20873 CRITICAL
Spring Boot <3.0.5-<2.7.10 - Auth Bypass
Apr 20, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-20865 HIGH
VMware Aria Operations for Logs 8.6.0-8.11.2 - Authenticated Command Injection
Apr 20, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-20864 CRITICAL NUCLEI
VMware Aria Operations for Logs 8.10.2-8.11.x - Unauthenticated Remote Code Execution via Deserialization
Apr 20, 2023
CVSS 9.8
EPSS 0.93
CVE-2023-20862 MEDIUM
Spring Security <5.7.8-<5.8.3-<6.0.3 - Privilege Escalation
Apr 19, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-20866 MEDIUM
Spring Session 3.0.0 - Exposure of Sensitive Information via Session ID Logging
Apr 13, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-20863 MEDIUM
Spring Framework < 5.2.24, 5.3.0-5.3.26, 6.0.0-6.0.7 - Denial of Service via SpEL Expression Injection
Apr 13, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-20860 HIGH
Spring Framework <6.0.7 or <5.3.26 - Auth Bypass
Mar 27, 2023
CVSS 7.5
EPSS 0.56
CVE-2023-20861 MEDIUM
Spring Framework 5.2.0-5.2.22, 5.3.0-5.3.25, 6.0.0-6.0.6 - Denial of Service via SpEL Expression
Mar 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-20859 MEDIUM
Spring Vault 2.3.0-2.3.2 and 3.0.0-3.0.1 - Sensitive Information Disclosure in Log Files
Mar 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-20857 MEDIUM
VMware Workspace ONE Content < 23.02 - Passcode Bypass via Rooted Device Access
Feb 28, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-20858 HIGH
VMware Carbon Black App Control 8.7.0-8.7.7, 8.8.0-8.8.5, 8.9.0-8.9.3 - Authenticated OS Command Injection
Feb 22, 2023
CVSS 7.2
EPSS 0.04
CVE-2023-20855 HIGH
VMware vRealize Automation and Orchestrator 8.0-8.11.0 - XML External Entity Injection
Feb 22, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-20854 HIGH
VMware Workstation - Arbitrary File Deletion
Feb 03, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-20856 HIGH
VMware vRealize Operations 8.6.0-8.6.4 - Cross-Site Request Forgery Bypass
Feb 01, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-22602 HIGH
Apache Shiro < 1.11.0 - Authentication Bypass via Spring Boot Pattern Matching Conflict
Jan 14, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-22942 HIGH
vmwgfx Driver File Descriptor Handling Priv Esc
Dec 13, 2023
CVSS 7.8
EPSS 0.14
CVE-2022-31693 MEDIUM
VMware Tools 10.0.0-12.1.4 - Denial of Service in VM3DMP Driver
Jun 07, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-36797 LOW
vmware ixgben < 1.10.0.1 - Authenticated Denial of Service via Local Access
Feb 16, 2023
CVSS 3.3
EPSS 0.00
CVE-2022-36416 MEDIUM
Intel(R) Ethernet 500 Series Controller <1.10.0.13 - Privilege Esca...
Feb 16, 2023
CVSS 4.4
EPSS 0.00
CVE-2022-31711 MEDIUM NUCLEI
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Exposure of Sensitive Session Information
Jan 26, 2023
CVSS 5.3
EPSS 0.81
CVE-2022-31710 HIGH
vRealize Log Insight 3.0-4.8 - Unauthenticated Denial of Service via Deserialization
Jan 26, 2023
CVSS 7.5
EPSS 0.03
CVE-2022-31706 CRITICAL NUCLEI
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Path Traversal and Remote Code Execution
Jan 26, 2023
CVSS 9.8
EPSS 0.90
Products
workstation 213 esxi 139 cloud_foundation 132 fusion 131 player 89 esx 86 vcenter_server 79 server 58 spring_framework 48 ace 44 identity_manager 28 workstation_pro 27 workstation_player 26 horizon_client 25 spring_security 24 Workstation 23 tools 22 vrealize_suite_lifecycle_manager 21 vrealize_automation 20 spring_boot 18 vrealize_operations 18 ESXi 16 vmware_workstation 15 vrealize_log_insight 15 workspace_one_access 15 horizon_view 14 spring_ai 14 vcenter_server_appliance 14 Fusion 13 aria_operations 13
Quick Filters
Critical CVEs With Exploits In CISA KEV