Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): VMware
  • Search Type: Search All
There are 685 matching records.
Displaying matches 21 through 40.
Vuln ID | Summary | CVSS Severity
CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Published: October 20, 2023; 1:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-27312

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.

Published: October 12, 2023; 3:15:11 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-36628

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Published: October 02, 2023; 8:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-34043

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

Published: September 27, 2023; 11:18:52 AM -0400
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2023-20890

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Published: August 29, 2023; 2:15:08 PM -0400
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-4387

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.

Published: August 16, 2023; 3:15:10 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

Published: August 16, 2023; 12:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-34038

VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

Published: August 04, 2023; 8:15:10 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-34037

VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.

Published: August 04, 2023; 8:15:09 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-20891

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.

Published: July 26, 2023; 2:15:10 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-20899

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.

Published: July 06, 2023; 7:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-20896

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

Published: June 22, 2023; 9:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-20895

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Published: June 22, 2023; 8:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-20894

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write by sending a specially crafted packet leading to memory corruption.

Published: June 22, 2023; 8:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Published: June 22, 2023; 8:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Published: June 13, 2023; 1:15:14 PM -0400
V3.1: 3.9 LOW
V2.0:(not available)
CVE-2023-20889

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Published: June 07, 2023; 11:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-20888

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Published: June 07, 2023; 11:15:09 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-20887

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Published: June 07, 2023; 11:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-31693

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Published: June 07, 2023; 10:15:09 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)