Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): VMware
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20888 |
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20887 |
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. Published: June 07, 2023; 11:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-31693 |
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. Published: June 07, 2023; 10:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-20884 |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. Published: May 30, 2023; 12:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-20880 |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. Published: May 12, 2023; 5:15:09 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20879 |
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. Published: May 12, 2023; 5:15:09 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20878 |
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. Published: May 12, 2023; 5:15:09 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-20877 |
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. Published: May 12, 2023; 5:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20870 |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Published: April 25, 2023; 6:15:09 PM -0400 |
V3.1: 6.0 MEDIUM V2.0:(not available) |
CVE-2023-20869 |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Published: April 25, 2023; 6:15:09 PM -0400 |
V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2023-20872 |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Published: April 25, 2023; 5:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-20871 |
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. Published: April 25, 2023; 5:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20865 |
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. Published: April 20, 2023; 5:15:08 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-20864 |
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. Published: April 20, 2023; 5:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-1544 |
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. Published: March 23, 2023; 4:15:14 PM -0400 |
V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2022-37935 |
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. Published: March 01, 2023; 3:15:10 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-23240 |
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. Published: February 28, 2023; 6:15:11 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-23239 |
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. Published: February 28, 2023; 6:15:10 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-20857 |
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. Published: February 28, 2023; 12:15:10 PM -0500 |
V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2023-20858 |
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. Published: February 21, 2023; 7:15:11 PM -0500 |
V3.1: 7.2 HIGH V2.0:(not available) |