
13049 matches found

Positive Technologies
added 2025/08/28 12:0 a.m., 5 views

PT-2025-35082

Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin VMware vSAN (affected versions not specified). Description: The Checkmk Exchange plugin for VMware vSAN contains an improper certificate validation flaw. This allows attackers positioned in a Man-in-the-Middle (MitM) positi...

CVSS 6.9 | AI score 6.1 | EPSS 0.00102 | Exploits 0 | References 4
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2014-4199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a...

CVSS 6.3 | AI score 7.2 | EPSS 0.00405 | Exploits 2 | References 2
Tenable Nessus
added 2025/08/21 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-34059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack...

CVSS 7.4 | AI score 7.2 | EPSS 0.00402 | Exploits 0 | References 2
OpenVAS
added 2025/08/20 12:0 a.m., 6 views

VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability.

CVSS 5.9 | AI score 6.6 | EPSS 0.01916 | Exploits 1 | References 2
OpenVAS
added 2025/08/20 12:0 a.m., 5 views

VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Windows

The VMware Spring Framework is prone to a path traversal vulnerability.

CVSS 5.9 | AI score 6.6 | EPSS 0.01916 | Exploits 1 | References 2
RedhatCVE
added 2025/08/19 11:19 p.m., 16 views

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

CVSS 7.5 | AI score 6.5 | EPSS 0.00336 | Exploits 0 | References 1
Tenable Nessus
added 2025/08/19 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to...

CVSS 6.1 | AI score 6.4 | EPSS 0.00249 | Exploits 0 | References 2
CNNVD
added 2025/08/18 12:0 a.m., 4 views

VMware Spring Framework Security Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from a path traversal vulnerability on a non-compliant servlet...

CVSS 5.9 | AI score 6.6 | EPSS 0.01916 | Exploits 1 | References 3
Tenable Nessus
added 2025/08/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-34058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

CVSS 7.5 | AI score 7.2 | EPSS 0.00667 | Exploits 0 | References 2
OSV
added 2025/08/17 11:15 p.m., 6 views

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

CVSS 7.5 | AI score 5.8 | EPSS 0.00336 | Exploits 0 | References 3
Redos
added 2025/08/13 12:0 a.m., 6 views

ROS-20250813-04

VMware Tools suite vulnerability is related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 7.8 | AI score 7.5 | EPSS 0.00536 | Exploits 0
Tenable Nessus
added 2025/08/12 12:0 a.m., 3 views

Cisco Unified Communications Manager IM & Presence Privilege Escalation (cisco-sa-imp-inf-disc-cUPKuA5n)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence is affected by a privilege escalation vulnerability. - A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate...

CVSS 5.1 | AI score 5.7 | EPSS 0.00123 | Exploits 0 | References 3
Tenable Nessus
added 2025/08/11 12:0 a.m., 14 views

VMware Tools 11.x / 12.x < 12.5.3 / 13.x < 13.0.1.0 vSockets Information Disclosure (VMSA-2025-0013)

The version of VMware Tools installed on the remote Windows host is 11.x, 12.x prior to 12.5.3, or 13.x prior to 13.0.1.0. It is, therefore, affected by an information disclosure vulnerability: - VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability du...

CVSS 7.1 | AI score 5.5 | EPSS 0.02089 | Exploits 0 | References 2
Exploit DB
added 2025/08/11 12:0 a.m., 325 views

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...

CVSS 4.3 | AI score 7.4 | EPSS 0.00748 | Exploits 2
Tenable Nessus
added 2025/08/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-49788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to...

CVSS 5.5 | AI score 6.7 | EPSS 0.0018 | Exploits 0 | References 3
BDU FSTEC
added 2025/08/08 12:0 a.m., 6 views

The vulnerability of the Vagrant VMWare Utility service lies in the improper assignment of permissions to the critical resource, allowing an attacker to gain read and modify access to files.

The vulnerability of the Vagrant VMWare Utility relates to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker to gain read and write access to files...

CVSS 3.8 | AI score 5.5 | EPSS 0.00141 | Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2025/08/08 12:0 a.m., 18 views

VMware vCenter Server 7.0.x < 7.0 U3v / 8.0.x < 8.0 U3g DoS (VMSA-2025-0014)

The version of VMware vCenter Server installed on the remote host is 7.0.x prior to 7.0 U3v, or 8.0.x prior to 8.0 U3g. It is, therefore, affected by a vulnerability as referenced in the VMSA-2025-0014 advisory. A malicious actor who is authenticated through vCenter and has permission to perform...

CVSS 4.4 | AI score 5.6 | EPSS 0.00263 | Exploits 0 | References 2
Tenable Nessus
added 2025/08/08 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-1706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only...

CVSS 6.5 | AI score 6.5 | EPSS 0.01148 | Exploits 0 | References 2
RedHat Linux
added 2025/08/06 5:19 a.m., 3 views

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 5.5 | AI score 6.3 | EPSS 0.0018 | Exploits 0 | References 5
RedhatCVE
added 2025/07/31 1:49 p.m., 11 views

CVE-2025-41241

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...

CVSS 4.4 | AI score 7 | EPSS 0.00263 | Exploits 0 | References 1