CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22943
https://notcve.org/view.php?id=CVE-2022-22943
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. VMware Tools para Windows (versiones 11.x.y y versiones 10.x.y anteriores a 12.0.0) contiene una vulnerabilidad de ruta de búsqueda no controlada. Un actor malicioso con privilegios administrativos locales en el Sistema Operativo invitado Windows, donde está instalado VMware Tools, puede ser capaz de ejecutar código con privilegios de sistema en el sistema operativo invitado Windows debido a un elemento de ruta de búsqueda no controlado • https://www.vmware.com/security/advisories/VMSA-2022-0007.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 97%CPEs: 16EXPL: 28CVE-2022-22947 – VMware Spring Cloud Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. En spring cloud gateway versiones anteriores a 3.1.1+ y a 3.0.7+ , las aplicaciones son vulnerables a un ataque de inyección de código cuando el endpoint del Actuador de la Puerta de Enlace está habilitado, expuesto y sin seguridad. Un atacante remoto podría realizar una petición maliciosamente diseñada que podría permitir una ejecución remota arbitraria en el host remoto Spring Cloud Gateway version 3.1.0 suffers from a remote code execution vulnerability. Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. • https://www.exploit-db.com/exploits/50799 https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947 https://github.com/0x7eTeam/CVE-2022-22947 https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway https://github.com/crowsec-edtech/CVE-2022-22947 https://github.com/0730Nophone/CVE-2022-22947- https://github.com/Wrin9/CVE-2022-22947 https://github.com/M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE https://github.com/nanaao/CVE-2022-22947-POC https:// • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22944
https://notcve.org/view.php?id=CVE-2022-22944
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window. VMware Workspace ONE Boxer contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenada. Debido a un saneamiento y comprobación insuficientes, en las descripciones de eventos de calendario de VMware Workspace ONE Boxer, un actor malicioso puede inyectar etiquetas de script para ejecutar un script arbitrario dentro de la ventana de un usuario • https://www.vmware.com/security/advisories/VMSA-2022-0006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22942 – kernel: failing usercopy allows for use-after-free exploitation
https://notcve.org/view.php?id=CVE-2022-22942
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. El controlador vmwgfx contiene una vulnerabilidad de escalada de privilegios local que permite a los usuarios sin permisos obtener acceso a archivos abiertos por otros procesos en el sistema a través de un puntero de "archivo" colgante. A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem. If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. • https://github.com/vmware/photon/wiki/Security-Update-3.0-356 https://github.com/vmware/photon/wiki/Security-Update-4.0-148 https://www.openwall.com/lists/oss-security/2022/01/27/4 https://access.redhat.com/security/cve/CVE-2022-22942 https://bugzilla.redhat.com/show_bug.cgi?id=2044809 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22945
https://notcve.org/view.php?id=CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. VMware NSX Edge contiene una vulnerabilidad de inyección de shell CLI. Un actor malicioso con acceso SSH a un dispositivo NSX-Edge puede ejecutar comandos arbitrarios en el sistema operativo como root • https://www.vmware.com/security/advisories/VMSA-2022-0005.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •