CVE-2022-22964

VMware Horizon Agent for Linux prior to 22.x contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file...

CVE-2022-22952

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2021-21999

VMware Tools for Windows 11.x.y prior to 11.2.6, VMware Remote Console for Windows 12.x prior to 12.0.1 , VMware App Volumes 2.x prior to 2.18.10 and 4 prior to 2103 contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by...

CVE-2021-21997

VMware Tools for Windows 11.x.y prior to 11.3.0 contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a...

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

CVE-2021-21990

VMware Workspace one UEM console 2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to...

CVE-2021-21987

VMware Workstation 16.x prior to 16.1.2 and Horizon Client for Windows 5.x prior to 5.5.2 contain out-of-bounds read vulnerability in the Cortado ThinPrint component TTC Parser. A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to...

CVE-2021-22043

VMware ESXi contains a TOCTOU Time-of-check Time-of-use vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files...

CVE-2021-26584

A security vulnerability in HPE OneView for VMware vCenter OV4VC could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter OV4VC...

CVE-2021-22033

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery SSRF vulnerability...

CVE-2021-22029

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...

CVE-2021-22034

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability...

CVE-2021-21984

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...

CVE-2021-21988

VMware Workstation 16.x prior to 16.1.2 and Horizon Client for Windows 5.x prior to 5.5.2 contain out-of-bounds read vulnerability in the Cortado ThinPrint component JPEG2000 Parser. A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading t...

CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could uploa...

CVE-2021-21998

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to...

CVE-2021-22042

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user...

CVE-2021-21989

VMware Workstation 16.x prior to 16.1.2 and Horizon Client for Windows 5.x prior to 5.5.2 contain out-of-bounds read vulnerability in the Cortado ThinPrint component TTC Parser. A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to...

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

CVE-2021-21982

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful...