Filtered by vendor Vmware
Subscribe
Total
875 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34684 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2023-12-10 | N/A | 7.1 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. | |||||
CVE-2022-31707 | 1 Vmware | 1 Vrealize Operations | 2023-12-10 | N/A | 7.2 HIGH |
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
CVE-2022-42258 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2023-12-10 | N/A | 7.3 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | |||||
CVE-2022-36797 | 1 Vmware | 1 Ixgben | 2023-12-10 | N/A | 5.5 MEDIUM |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2023-12-10 | N/A | 8.8 HIGH |
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | |||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2023-12-10 | N/A | 5.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
CVE-2021-31693 | 1 Vmware | 1 Tools | 2023-12-10 | N/A | 6.5 MEDIUM |
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | |||||
CVE-2022-34678 | 6 Citrix, Linux, Microsoft and 3 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2023-12-10 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service. | |||||
CVE-2022-34680 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2023-12-10 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | |||||
CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2023-12-10 | N/A | 8.4 HIGH |
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | |||||
CVE-2023-20858 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2023-12-10 | N/A | 7.2 HIGH |
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | |||||
CVE-2022-31702 | 1 Vmware | 1 Vrealize Network Insight | 2023-12-10 | N/A | 9.8 CRITICAL |
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | |||||
CVE-2022-34670 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | |||||
CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2023-12-10 | N/A | 6.8 MEDIUM |
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | |||||
CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2023-12-10 | N/A | 8.8 HIGH |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | |||||
CVE-2009-1143 | 1 Vmware | 1 Open-vm-tools | 2023-12-10 | N/A | 7.0 HIGH |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | |||||
CVE-2022-34674 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2023-12-10 | N/A | 6.1 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | |||||
CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2023-12-10 | N/A | 7.5 HIGH |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2023-12-10 | N/A | 9.8 CRITICAL |
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | |||||
CVE-2022-42255 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2023-12-10 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. |