Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2022-38652
A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of t...
Vmware Hyperic Agent 5.8.6
9.9
CVSSv3
CVE-2020-6100
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vul...
Amd Radeon Directx 11 Driver Atidxx64.dll 26.20.15019.19000
9.9
CVSSv3
CVE-2017-4901
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Vmware Workstation 12.5.2
Vmware Workstation 12.5.3
Vmware Fusion 8.5.2
Vmware Fusion 8.5.1
Vmware Workstation 12.0.1
Vmware Workstation 12.0
Vmware Fusion 8.1.0
Vmware Fusion 8.0.2
Vmware Workstation 12.1
Vmware Workstation 12.1.1
Vmware Fusion 8.5.0
Vmware Fusion 8.1.1
Vmware Workstation 12.5
Vmware Workstation 12.5.1
Vmware Fusion 8.5.4
Vmware Fusion 8.5.3
Vmware Fusion 8.0.1
Vmware Fusion 8.0.0
1 EDB exploit
6 Github repositories
9.9
CVSSv3
CVE-2012-1516
The VMX process in VMware ESXi 3.5 up to and including 4.1 and ESX 3.5 up to and including 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS vi...
Vmware Esx 4.0
Vmware Esx 4.1
Vmware Esx 3.5
Vmware Esxi 4.0
Vmware Esxi 4.1
Vmware Esxi 3.5
9.8
CVSSv3
CVE-2023-22527
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated malicious user to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence ...
Atlassian Confluence Data Center
Atlassian Confluence Server
27 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the applian...
Vmware Cloud Director
1 Github repository
1 Article
9.8
CVSSv3
CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Vmware Vcenter Server 7.0
Vmware Vcenter Server 8.0
Vmware Vcenter Server
1 Github repository
4 Articles
9.8
CVSSv3
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Vmware Aria Operations For Logs 8.8
Vmware Aria Operations For Logs 8.6
Vmware Aria Operations For Logs 5.0
Vmware Aria Operations For Logs 4.0
Vmware Aria Operations For Logs 8.10
Vmware Aria Operations For Logs 8.10.2
Vmware Aria Operations For Logs 8.12
1 Github repository
9.8
CVSSv3
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Netwo...
Vmware Aria Operations For Networks
3 Github repositories
9.8
CVSSv3
CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Vmware Spring Security
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »