Vmware: Security Vulnerabilities
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-08-18
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-10
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-08-10
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVSS Score
8.8
EPSS Score
0.093
Published
2022-08-10
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-08-10
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-08-10
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVSS Score
9.8
EPSS Score
0.827
Published
2022-08-05
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-08-05
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS Score
7.2
EPSS Score
0.077
Published
2022-08-05
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS Score
7.2
EPSS Score
0.041
Published
2022-08-05