Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): VMware
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20891 |
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. Published: July 26, 2023; 2:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-20899 |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. Published: July 06, 2023; 7:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20896 |
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). Published: June 22, 2023; 9:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20895 |
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. Published: June 22, 2023; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20894 |
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. Published: June 22, 2023; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20893 |
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. Published: June 22, 2023; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20867 |
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Published: June 13, 2023; 1:15:14 PM -0400 |
V4.0:(not available) V3.1: 3.9 LOW V2.0:(not available) |
CVE-2023-20889 |
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. Published: June 07, 2023; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20888 |
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20887 |
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-31693 |
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. Published: June 07, 2023; 10:15:09 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-20884 |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. Published: May 30, 2023; 12:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-20880 |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. Published: May 12, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20879 |
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. Published: May 12, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20878 |
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. Published: May 12, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-20877 |
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. Published: May 12, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20870 |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Published: April 25, 2023; 6:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0:(not available) |
CVE-2023-20869 |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Published: April 25, 2023; 6:15:09 PM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2023-20872 |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Published: April 25, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20871 |
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. Published: April 25, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |