Vmware Security Vulnerabilities
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.
7.8CVSS
8.2AI Score
0.0004EPSS
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux io.m...
7.5CVSS
7.3AI Score
0.0005EPSS
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...
6.5CVSS
6.4AI Score
0.0004EPSS
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
7.8CVSS
7.6AI Score
0.0004EPSS
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate thei...
7.5CVSS
7.3AI Score
0.001EPSS
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the/dev/uinput file descriptor allowing them to simulate user inputs.
7.4CVSS
7AI Score
0.0004EPSS
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 froman older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass loginr...
9.8CVSS
10AI Score
0.001EPSS
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor mayexploit this vulnerability leading to unauthorized access to remoteorganizations and workflows.
9.9CVSS
8.1AI Score
0.0004EPSS
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
4.6CVSS
4.7AI Score
0.001EPSS
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API ...
4.9CVSS
4.8AI Score
0.002EPSS
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may s...
7.5CVSS
7.3AI Score
0.002EPSS
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
7.5CVSS
7.3AI Score
0.0005EPSS
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in th...
5.5CVSS
5.2AI Score
0.0004EPSS
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
7.8CVSS
8.1AI Score
0.0004EPSS
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
6.4CVSS
6.1AI Score
0.0004EPSS
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
7.8CVSS
8.1AI Score
0.0004EPSS
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
4.9CVSS
6AI Score
0.0005EPSS
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
4.8CVSS
6.1AI Score
0.0004EPSS
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
4.3CVSS
4.2AI Score
0.0004EPSS
VMware Cloud Director Availability contains an HTML injection vulnerability.Amalicious actor with network access to VMware Cloud DirectorAvailability can craft malicious HTML tags to execute within replicationtasks.
6.4CVSS
6.8AI Score
0.0004EPSS
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
8.5CVSS
9.4AI Score
0.0005EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8CVSS
7.7AI Score
0.001EPSS
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8CVSS
7.7AI Score
0.001EPSS
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
9.8CVSS
9.5AI Score
0.0005EPSS
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active...
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
8.8CVSS
8.8AI Score
0.0004EPSS