CVE-2025-22226
CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...
CVE-2025-22224
CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...
CVE-2025-22225
CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...
CVE-2019-16919
The Harbor/CNCF Harbor API contains a broken access control vulnerability (CVE-2019-16919). It can allow a project administrator to create a robot account with unauthorized push/pull permissions in a project they should not control. Affected components include Harbor API within Harbor Container Regis...
CVE-2023-20884
CVE-2023-20884 affects VMware Workspace ONE Access and VMware Identity Manager. The issue is an insecure redirect caused by improper path handling that could allow an unauthenticated attacker to redirect victims to attacker-controlled domains, potentially disclosing sensitive information. VMware ...
CVE-2022-31700
CVE-2022-31700 affects VMware Workspace ONE Access and Identity Manager. The vulnerability is an authenticated remote code execution (RCE) flaw in the product, with a CVSSv3 base score of 7.2 (Important). Public documents describe the issue as an authenticated RCE, potentially allowing code execu...