Lucene search
K

6 matches found

CVE
CVE
added 2025/03/04 11:56 a.m.792 views

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

7.1CVSS7.7AI score0.01676EPSS
In wild
CVE
CVE
added 2025/03/04 11:56 a.m.566 views

CVE-2025-22224

CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...

9.3CVSS9.3AI score0.01524EPSS
In wild
CVE
CVE
added 2025/03/04 11:56 a.m.386 views

CVE-2025-22225

CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...

8.2CVSS8.8AI score0.00963EPSS
In wild
CVE
CVE
added 2019/10/18 11:59 a.m.178 views

CVE-2019-16919

Harbor/CNCF Harbor API contains a Broken Access Control vulnerability (CVE-2019-16919). It can allow a project administrator to create a robot account with unauthorized push/pull permissions in a project they should not control. Affected components include Harbor API within Harbor Container Regis...

7.5CVSS7.4AI score0.01711EPSS
CVE
CVE
added 2023/05/30 3:5 p.m.118 views

CVE-2023-20884

CVE-2023-20884 affects VMware Workspace ONE Access and VMware Identity Manager. The issue is an insecure redirect caused by improper path handling that could allow an unauthenticated attacker to redirect victims to attacker-controlled domains, potentially disclosing sensitive information. VMware ...

6.1CVSS5.9AI score0.00348EPSS
CVE
CVE
added 2022/12/14 12:0 a.m.89 views

CVE-2022-31700

CVE-2022-31700 affects VMware Workspace ONE Access and Identity Manager. The vulnerability is an authenticated remote code execution flaw (RCE) in the product, with a CVSSv3 base score of 7.2 (Important). Public documents describe the issue as an authenticated RCE, potentially allowing code execu...

7.2CVSS7.3AI score0.01082EPSS
Web