VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi...
CVSS: 8.8, AI Score: 8.5, EPSS: 0.003
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information...
CVSS: 3.3, AI Score: 5.3, EPSS: 0.0004
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted...
CVSS: 5.3, AI Score: 5.8, EPSS: 0.001
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that...
CVSS: 5.5, AI Score: 6.4, EPSS: 0.0004
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer...
CVSS: 7.3, AI Score: 7.2, EPSS: 0.0004
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...
CVSS: 9.8, AI Score: 9.2, EPSS: 0.002
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that...
CVSS: 9.8, AI Score: 9.2, EPSS: 0.002
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's...
CVSS: 6.1, AI Score: 6.3, EPSS: 0.001
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...
CVSS: 9.8, AI Score: 9.3, EPSS: 0.002
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...
CVSS: 9.8, AI Score: 9.2, EPSS: 0.002
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use the Snakeyaml library for YAML editing support. This library allows for some...
CVSS: 9.8, AI Score: 9.7, EPSS: 0.007
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
CVSS: 9.8, AI Score: 9.2, EPSS: 0.002
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information...
CVSS: 9.1, AI Score: 8.8, EPSS: 0.001
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive...
CVSS: 4.9, AI Score: 5, EPSS: 0.001
VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the...
CVSS: 6.5, AI Score: 6.8, EPSS: 0.0004
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform Services Controller). A malicious actor with admin access on vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter...
CVSS: 9.1, AI Score: 9.4, EPSS: 0.001
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before...
CVSS: 8.8, AI Score: 8.7, EPSS: 0.002
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than...
AI Score: 5.8, EPSS: 0.0005
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual...
CVSS: 7.8, AI Score: 7.8, EPSS: 0.0004
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMware before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via...
CVSS: 5.5, AI Score: 5.2, EPSS: 0.0004
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative...
CVSS: 7.5, AI Score: 8.1, EPSS: 0.001
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information...
CVSS: 4.3, AI Score: 5.6, EPSS: 0.001
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to...
CVSS: 7.2, AI Score: 7.9, EPSS: 0.001
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code...
CVSS: 8.8, AI Score: 8.4, EPSS: 0.002
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware...
CVSS: 5.9, AI Score: 5.6, EPSS: 0.0004