Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): VMware
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-34051 |
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. Published: October 20, 2023; 1:15:07 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-27312 |
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. Published: October 12, 2023; 3:15:11 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-36628 |
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Published: October 02, 2023; 8:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-34043 |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. Published: September 27, 2023; 11:18:52 AM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20890 |
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. Published: August 29, 2023; 2:15:08 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-4387 |
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Published: August 16, 2023; 3:15:10 PM -0400 |
V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2023-39250 |
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. Published: August 16, 2023; 12:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-34038 |
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. Published: August 04, 2023; 8:15:10 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-34037 |
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. Published: August 04, 2023; 8:15:09 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-20891 |
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. Published: July 26, 2023; 2:15:10 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-20899 |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. Published: July 06, 2023; 7:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20896 |
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). Published: June 22, 2023; 9:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20895 |
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. Published: June 22, 2023; 8:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20894 |
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. Published: June 22, 2023; 8:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20893 |
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. Published: June 22, 2023; 8:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20867 |
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Published: June 13, 2023; 1:15:14 PM -0400 |
V3.1: 3.9 LOW V2.0:(not available) |
CVE-2023-20889 |
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. Published: June 07, 2023; 11:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20888 |
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20887 |
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-31693 |
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. Published: June 07, 2023; 10:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |