Filtered by vendor Vmware
Subscribe
Total
900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37087 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 5.3 MEDIUM |
| The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. | |||||
| CVE-2024-37086 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-06-27 | N/A | 6.8 MEDIUM |
| VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host. | |||||
| CVE-2024-22275 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 4.9 MEDIUM |
| The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | |||||
| CVE-2024-22274 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 7.2 HIGH |
| The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. | |||||
| CVE-2024-22270 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2024-22269 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2024-22233 | 1 Vmware | 1 Spring Framework | 2025-06-20 | N/A | 7.5 HIGH |
| In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. | |||||
| CVE-2024-37081 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-20 | N/A | 7.8 HIGH |
| The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. | |||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2025-06-20 | N/A | 9.9 CRITICAL |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2024-38808 | 2 Netapp, Vmware | 3 Active Iq Unified Manager, Oncommand Insight, Spring Framework | 2025-06-18 | N/A | 4.3 MEDIUM |
| In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. | |||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | N/A | 7.3 HIGH |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |||||
| CVE-2024-22251 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-10 | N/A | 5.9 MEDIUM |
| VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. | |||||
| CVE-2024-22259 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Framework | 2025-06-10 | N/A | 8.1 HIGH |
| Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. | |||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2025-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | |||||
| CVE-2024-22241 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | N/A | 4.3 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | |||||
| CVE-2024-22238 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | N/A | 6.4 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | |||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2025-06-03 | N/A | 3.3 LOW |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | |||||
| CVE-2023-34042 | 1 Vmware | 1 Spring Security | 2025-06-03 | N/A | 4.1 MEDIUM |
| The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | |||||
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2025-05-22 | N/A | 3.7 LOW |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | |||||
| CVE-2024-22240 | 1 Vmware | 1 Aria Operations For Networks | 2025-05-15 | N/A | 4.9 MEDIUM |
| Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | |||||