VMware Security Vulnerabilities (CVEs)
Track 104 security vulnerabilities affecting VMware products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a deserialization vulnerability in VMware Aria Operations that allows authenticated administrators to execute arbitrary commands on...
May 12, 2023

This vulnerability allows attackers to execute arbitrary code on the host system by exploiting a stack-based buffer overflow in VMware's Bluetooth sha...
Apr 25, 2023

This CVE describes a local privilege escalation vulnerability in VMware Fusion where an attacker with read/write access to the host OS can elevate pri...
Apr 25, 2023

CVE-2023-20864 is a critical deserialization vulnerability in VMware Aria Operations for Logs that allows unauthenticated attackers with network acces...
Apr 20, 2023

This vulnerability allows security bypass in Spring Boot applications deployed to Cloud Foundry. Attackers could potentially bypass authentication or ...
Apr 20, 2023

Spring Vault applications that attempt to revoke Vault batch tokens may inadvertently log sensitive information. This affects applications using Sprin...
Mar 23, 2023

CVE-2023-20854 is an arbitrary file deletion vulnerability in VMware Workstation that allows local authenticated users to delete any files on the syst...
Feb 3, 2023

CVE-2022-22980 is a SpEL injection vulnerability in Spring Data MongoDB that allows attackers to execute arbitrary code when using @Query or @Aggregat...
Jun 23, 2022

A caching vulnerability in Spring Cloud Function's Function Catalog component allows attackers to cause denial-of-service conditions by exploiting loo...
Jun 21, 2022

This CVE describes an XML External Entity (XXE) vulnerability in VMware Tools for Windows that allows a malicious actor with non-administrative local ...
May 24, 2022

This authentication bypass vulnerability allows attackers with network access to the UI to gain administrative privileges without credentials. It affe...
May 20, 2022

CVE-2022-22966 is a remote code execution vulnerability in VMware Cloud Director that allows authenticated, high-privileged attackers to execute arbit...
Apr 14, 2022

This vulnerability allows remote code execution in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. An attacker with administra...
Apr 13, 2022

This vulnerability allows a malicious actor with local access to VMware Workspace ONE Access, Identity Manager, or vRealize Automation systems to esca...
Apr 13, 2022

CVE-2022-22955 is an authentication bypass vulnerability in VMware Workspace ONE Access's OAuth2 ACS framework that allows attackers to execute operat...
Apr 13, 2022

This vulnerability allows remote attackers to execute arbitrary code on VMware Workspace ONE Access and Identity Manager systems through server-side t...
Apr 11, 2022

CVE-2022-22964 is a local privilege escalation vulnerability in VMware Horizon Agent for Linux that allows authenticated local users to gain root priv...
Apr 11, 2022

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Spring Cloud Function. Attackers can cr...
Apr 1, 2022

Spring Boot versions before 2.2.11.RELEASE are vulnerable to temporary directory hijacking in the createTempDir method. This allows attackers to manip...
Mar 30, 2022

This vulnerability allows authenticated high-privileged attackers with network access to the VMware Carbon Black App Control administration interface ...
Mar 23, 2022

CVE-2022-22947 is a critical remote code execution vulnerability in Spring Cloud Gateway when the Actuator endpoint is enabled and exposed without pro...
Mar 3, 2022

CVE-2022-22945 is a CLI shell injection vulnerability in VMware NSX Edge that allows authenticated attackers with SSH access to execute arbitrary comm...
Feb 16, 2022

This vulnerability in VMware ESXi allows attackers with VMX process privileges to access the settingsd service running with high privileges. This coul...
Feb 16, 2022

CVE-2021-22050 is a slow HTTP POST denial-of-service vulnerability in VMware ESXi's rhttpproxy service. Attackers with network access can overwhelm th...
Feb 16, 2022

This CVE describes a heap-overflow vulnerability in VMware's CD-ROM device emulation that could allow a malicious actor with access to a virtual machi...
Jan 4, 2022

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in VMware Workspace ONE Access and Identity Manager products. It allows attacker...
Dec 20, 2021

CVE-2021-21980 is an unauthorized arbitrary file read vulnerability in the vSphere Web Client (FLEX/Flash) that allows attackers with network access t...
Nov 24, 2021

CVE-2021-22049 is a Server-Side Request Forgery (SSRF) vulnerability in the vSAN Web Client plug-in for vSphere Web Client (FLEX/Flash). It allows att...
Nov 24, 2021

CVE-2021-22048 is a privilege escalation vulnerability in VMware vCenter Server's IWA authentication mechanism. Attackers with non-administrative acce...
Nov 10, 2021

This vulnerability allows attackers to perform path interception attacks on Windows systems by planting a malicious reg.exe binary that gets executed ...
Oct 29, 2021

This vulnerability allows attackers to cause a denial-of-service condition in VMware vCenter Server by sending specially crafted JSON-RPC messages to ...
Sep 23, 2021

CVE-2021-22012 is an information disclosure vulnerability in VMware vCenter Server's unauthenticated appliance management API. Attackers with network ...
Sep 23, 2021

CVE-2021-22014 is an authenticated remote code execution vulnerability in VMware vCenter Server's VAMI interface. An attacker with valid credentials a...
Sep 23, 2021

CVE-2021-22005 is a critical arbitrary file upload vulnerability in VMware vCenter Server's Analytics service. Attackers with network access to port 4...
Sep 23, 2021

This vulnerability in VMware vCenter Server's VAPI service allows attackers with network access to port 443 to send specially crafted JSON-RPC message...
Sep 23, 2021

This vulnerability in VMware vCenter Server allows attackers with network access to port 443 to trigger excessive memory consumption in the VPXD servi...
Sep 23, 2021

CVE-2021-21991 is a local privilege escalation vulnerability in VMware vCenter Server that allows authenticated non-administrative users to gain Admin...
Sep 22, 2021

This vulnerability allows attackers to bypass authentication and access sensitive configuration and diagnostic endpoints in VMware Workspace ONE Acces...
Aug 31, 2021

This vulnerability allows attackers with access to the VMware Workspace ONE UEM REST API to cause denial of service by exploiting improper rate limiti...
Aug 31, 2021

This vulnerability allows an attacker with administrative API access to vRealize Operations Manager to modify other users' information, potentially le...
Aug 30, 2021

CVE-2021-22025 is a broken access control vulnerability in VMware vRealize Operations Manager API that allows unauthenticated attackers to add new nod...
Aug 30, 2021

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the vRealize Operations Manager API. Unauthenticated attackers with network a...
Aug 30, 2021

CVE-2021-21994 is an authentication bypass vulnerability in SFCB (Small Footprint CIM Broker) used in VMware ESXi. An attacker with network access to ...
Jul 13, 2021

CVE-2021-22000 is a DLL hijacking vulnerability in VMware ThinApp that allows attackers with local non-administrative access to execute arbitrary code...
Jul 13, 2021

Spring Security OAuth 2.0 clients are vulnerable to denial-of-service attacks where attackers can exhaust system resources by repeatedly initiating au...
Jun 29, 2021

CVE-2021-21998 is an authentication bypass vulnerability in VMware Carbon Black App Control that allows attackers with network access to the managemen...
Jun 23, 2021

This vulnerability allows a locally authenticated malicious user to escalate privileges in Spring Framework WebFlux applications by manipulating tempo...
May 27, 2021

CVE-2021-21985 is a critical remote code execution vulnerability in VMware vSphere Client's Virtual SAN Health Check plugin. Attackers with network ac...
May 26, 2021

This vulnerability allows remote code execution on systems running vulnerable versions of the Element Plug-in for vCenter Server. Attackers can exploi...
Mar 15, 2021

This vulnerability allows unauthenticated attackers with network access to VMware View Planner Harness to upload and execute arbitrary files, leading ...
Mar 3, 2021

Why Monitor VMware Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 104+ known vulnerabilities affecting VMware products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable VMware packages in under 60 seconds. No agents required: completely agentless scanning that works across VMware deployments.
Free vulnerability database: Access detailed information about every VMware CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.