CVE-2022-22962

VMware Horizon Agent for Linux prior to 22.x contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file...

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...

CVE-2022-22951

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may b...

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework...

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

CVE-2022-22944

VMware Workspace ONE Boxer contains a stored cross-site scripting XSS vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...

CVE-2022-36416

Protection mechanism failure in the IntelR Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-36797

Protection mechanism failure in the IntelR Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2022-31687

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...

CVE-2022-31696

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox...

CVE-2022-31662

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files...

CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'...

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

CVE-2022-22939

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or...

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution...

CVE-2022-22943

VMware Tools for Windows 11.x.y and 10.x.y prior to 12.0.0 contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest O...

CVE-2022-22953

VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information...