CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2022-31697
https://notcve.org/view.php?id=CVE-2022-31697
13 Dec 2022 — The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 285EXPL: 0CVE-2022-31699
https://notcve.org/view.php?id=CVE-2022-31699
13 Dec 2022 — VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. VMware ESXi contiene una vulnerabilidad de desbordamiento del heap. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 2%CPEs: 2EXPL: 0CVE-2022-31678
https://notcve.org/view.php?id=CVE-2022-31678
28 Oct 2022 — VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. VMware Cloud Foundation (NSX-V) contiene una vulnerabilidad de entidad externa XML (XXE). • https://www.vmware.com/security/advisories/VMSA-2022-0027.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 9%CPEs: 1EXPL: 0CVE-2022-31673
https://notcve.org/view.php?id=CVE-2022-31673
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. ... VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31674
https://notcve.org/view.php?id=CVE-2022-31674
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2022-0022.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 264EXPL: 0CVE-2022-23825 – hw: cpu: AMD: Branch Type Confusion (non-retbleed)
https://notcve.org/view.php?id=CVE-2022-23825
14 Jul 2022 — Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. ... Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure. • http://www.openwall.com/lists/oss-security/2022/11/08/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 288EXPL: 0CVE-2022-29901 – Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
https://notcve.org/view.php?id=CVE-2022-29901
12 Jul 2022 — Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. ... Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access. • https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22953
https://notcve.org/view.php?id=CVE-2022-22953
16 Jun 2022 — VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. La actualización de VMware HCX aborda una vulnerabilidad de divulgación de información. Un actor malicioso con acceso de usuario de red al dispositivo VMware HCX podría conseguir acceso a información confidencial • https://www.vmware.com/security/advisories/VMSA-2022-0017.html •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21166 – hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
https://notcve.org/view.php?id=CVE-2022-21166
15 Jun 2022 — Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. ... Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21125 – hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
https://notcve.org/view.php?id=CVE-2022-21125
15 Jun 2022 — Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. ... Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 • CWE-459: Incomplete Cleanup •