Vmware: Security Vulnerabilities
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-14
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-13
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVSS Score
5.4
EPSS Score
0.013
Published
2022-07-12
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
CVSS Score
5.4
EPSS Score
0.013
Published
2022-07-12
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-07-12
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CVSS Score
9.8
EPSS Score
0.832
Published
2022-06-23
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-06-21
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-06-16
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-06-15
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.005
Published
2022-06-15