Known Vulnerabilities for products from Vmware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vmware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
|CVE||Shortened Description||Severity||Publish Date||Last Modified|
|CVE-2021-34424||A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5...||7.5 - HIGH||2021-11-24||2022-01-03|
|CVE-2021-34423||A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) befo...||9.8 - CRITICAL||2021-11-24||2022-01-03|
|CVE-2021-32719||RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was display...||4.8 - MEDIUM||2021-06-28||2021-07-02|
|CVE-2021-32718||RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via managem...||5.4 - MEDIUM||2021-06-28||2021-12-10|
|CVE-2021-22119||Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susc...||7.5 - HIGH||2021-06-29||2021-07-26|
|CVE-2021-22118||In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to...||7.8 - HIGH||2021-05-27||2021-12-07|
|CVE-2021-22117||RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attac...||7.8 - HIGH||2021-05-18||2021-05-25|
|CVE-2021-22116||RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP...||7.5 - HIGH||2021-06-08||2021-07-19|
|CVE-2021-22114||Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vuln...||5.3 - MEDIUM||2021-03-01||2021-03-09|
|CVE-2021-22113||Applications using the "Sensitive Headers" functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vuln...||5.3 - MEDIUM||2021-02-23||2021-03-02|
|CVE-2021-22112||Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versi...||8.8 - HIGH||2021-02-23||2021-12-08|
|CVE-2021-22097||In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will des...||6.5 - MEDIUM||2021-10-28||2021-11-01|
|CVE-2021-22096||In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to pro...||4.3 - MEDIUM||2021-10-28||2021-11-29|
|CVE-2021-22095||In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will cre...||6.5 - MEDIUM||2021-11-30||2021-12-01|
|CVE-2021-22060||In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to pro...||4.3 - MEDIUM||2022-01-10||2022-01-14|
|CVE-2021-22057||VMware Workspace ONE Access 21.08, 184.108.40.206, and 20.10 contain an authentication bypass vulnerability. A malicious actor, wh...||9.8 - CRITICAL||2021-12-20||2022-01-03|
|CVE-2021-22056||VMware Workspace ONE Access 21.08, 220.127.116.11, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerab...||7.5 - HIGH||2021-12-20||2022-01-03|
|CVE-2021-22054||VMware Workspace ONE UEM console 20.0.8 prior to 18.104.22.168, 20.11.0 prior to 22.214.171.124, 21.2.0 prior to 126.96.36.199, and 21.5....||7.5 - HIGH||2021-12-17||2021-12-17|
|CVE-2021-22053||Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute ...||8.8 - HIGH||2021-11-19||2021-11-23|
|CVE-2021-22051||Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on d...||6.5 - MEDIUM||2021-11-08||2021-11-09|
Known software with vulnerabilities from Vmware
|Application||Vmware||Consolidated Backup Framework||188.8.131.522|
|Application||Vmware||Converter Enterprise Client||184.108.40.206417|
Popular searches for "Vmware"
Russian-Owned Software Company May Be Entry Point for Huge U.S. Hacking (The New York Times)
Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.
Photo caption: Officials are investigating whether a Russian company, based in the Czech Republic, was a pathway for Russian hackers to insert malware that would flow to a number of technology companies. Credit: Kirill Kudryavtsev/Agence France-Presse, Getty Images
By Nicole Perlroth, David E. Sanger and Julian E. Barnes. Jan. 6, 2021. Updated 4:37 p.m. ET
American intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure, according to officials and executives briefed on the inquiry. Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history. JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 businesses. One of them is SolarWinds, the company based in Austin, Texas, whose network management software played a central role in allowing hackers into government and private networks. JetBrains said on Wednesday that it had not been contacted by government officials and was not aware of any compromise.
The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release. By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains clients. Separately, the Justice Department said that its email system had been compromised as part of the SolarWinds hacking, an announcement that expands the scope of the government computers that Russia was able to infiltrate. Government officials are not certain how the compromise of the JetBrains software relates to the larger SolarWinds hacking. They are seeking to learn if it was a parallel way for Russia's main intelligence agency to enter government and private systems, or whether it was the original avenue for Russian operatives to first infiltrate SolarWinds. On Tuesday, the Office of the Director of National Intelligence, the F.B.I., the Department of Homeland Security and the National Security Agency issued a joint statement formally declaring that Russia was most likely the origin of the hacking. But the statement offered no details, and made no mention of the JetBrains software or the S.V.R., Russia's most skilled intelligence agency. Google, Hewlett-Packard and Citibank are among JetBrains' customers, and the company is widely used by developers of Android mobile software. It also counts Siemens, a major supplier of technology in critical infrastructure such as power and nuclear plants, as a customer, as well as VMware, a technology company that the National Security Agency warned on Dec. 7 was also being used by Russian hackers to break into networks. Yaroslav Russkih, a JetBrains spokesman, said the company did not know whether its customers had been affected.
SolarWinds confirmed Wednesday that it used TeamCity software to assist with the development of its software and was investigating the software as part of its investigation. The company said it had yet to confirm a definitive link between JetBrains and the breach and compromise of its own software. SolarWinds has said that 18,000 customers downloaded its compromised software, but investigators believe Russia was judicious in which of those networks it gained access to, making it difficult to quickly assess the damage. In the joint announcement, officials said they believed the Russian hackers stopped at 10 federal agencies, but an internal assessment by Amazon, which has been examining hackers' tools, believes the total number of victims in government and the private sector could be upward of 250 organizations. Microsoft also announced on Dec. 31 that its network was breached by the same intruders, and confirmed that they viewed the company's source code. It has not said which products may have been compromised. CrowdStrike, a security firm, confirmed last month that it was targeted, unsuccessfully, through a company that sells software on behalf of Microsoft. Those resellers help set up Microsoft software and often have broad access to clients' systems, which Russia's hackers could exploit on untold numbers of Microsoft customers. The Justice Department did not learn of, and close off, the vulnerability in its Microsoft Outlook email system until Dec. 24, some 10 days after the SolarWinds compromise of government computers became public, officials said. Marc Raimondi, a Justice Department spokesman, said that about 3 percent of the department's email accounts that use the specific Microsoft software were compromised by the breach. He said that no classified systems appear to have been affected, but that the episode had been designated as a major one.
"Compromising and introducing a back door into a build environment such as TeamCity is the holy grail of a supply chain hack," said Dmitri Alperovitch, a founder of CrowdStrike who now runs Silverado Policy Accelerator, referring to the method by which the Russian hackers entered victims' systems through their supply chains, or software vendors. "It can allow an adversary to have thousands of SolarWinds-style back doors in all sorts of products in use by victims all over the world," Mr. Alperovitch added. "This is a very big deal."