Vendor CVEs
VMware
All CVEs
967 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22268 | 0.00 | — | 0.01 | May 14, 2024 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service… | |||
| CVE-2024-22267 | 0.00 | — | 0.01 | May 14, 2024 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||
| CVE-2022-43656 | 0.00 | — | 0.00 | May 7, 2024 | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2022-43655 | 0.00 | — | 0.00 | May 7, 2024 | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2022-43653 | 0.00 | — | 0.00 | May 7, 2024 | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target… | |||
| CVE-2022-43652 | 0.00 | — | 0.00 | May 7, 2024 | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2022-43651 | 0.00 | — | 0.00 | May 7, 2024 | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must… | |||
| CVE-2023-44430 | 0.00 | — | 0.01 | May 3, 2024 | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must… | |||
| CVE-2024-22256 | 0.00 | — | 0.00 | Mar 7, 2024 | VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. | |||
| CVE-2024-22255 | 0.00 | — | 0.02 | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | |||
| CVE-2024-22254 | 0.00 | — | 0.01 | Mar 5, 2024 | VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. | |||
| CVE-2024-22253 | 0.00 | — | 0.01 | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.… | |||
| CVE-2024-22252 | 0.00 | — | 0.04 | Mar 5, 2024 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.… | |||
| CVE-2024-22251 | 0.00 | — | 0.00 | Feb 27, 2024 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. | |||
| CVE-2024-22235 | 0.00 | — | 0.00 | Feb 21, 2024 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||
| CVE-2023-6138 | 0.00 | — | 0.00 | Feb 14, 2024 | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. | |||
| CVE-2024-22241 | 0.00 | — | 0.38 | Feb 6, 2024 | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. | |||
| CVE-2024-22240 | 0.00 | — | 0.01 | Feb 6, 2024 | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | |||
| CVE-2024-22239 | 0.00 | — | 0.00 | Feb 6, 2024 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | |||
| CVE-2024-22238 | 0.00 | — | 0.01 | Feb 6, 2024 | Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | |||
| CVE-2024-22237 | 0.00 | — | 0.00 | Feb 6, 2024 | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | |||
| CVE-2023-34042 | 0.00 | — | 0.00 | Feb 5, 2024 | The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission… | |||
| CVE-2023-34063 | 0.00 | — | 0.01 | Jan 16, 2024 | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||
| CVE-2023-34064 | 0.00 | — | 0.00 | Dec 12, 2023 | Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. | |||
| CVE-2023-34060 | 0.00 | — | 0.01 | Nov 14, 2023 | VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the… | |||
| CVE-2023-4891 | 0.00 | — | 0.00 | Nov 8, 2023 | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | |||
| CVE-2023-34059 | 0.00 | — | 0.00 | Oct 27, 2023 | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | |||
| CVE-2023-34056 | 0.00 | — | 0.01 | Oct 25, 2023 | vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | |||
| CVE-2023-34045 | 0.00 | — | 0.00 | Oct 20, 2023 | VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with… | |||
| CVE-2023-34046 | 0.00 | — | 0.00 | Oct 20, 2023 | VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious… | |||
| CVE-2023-34044 | 0.00 | — | 0.00 | Oct 20, 2023 | VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual… | |||
| CVE-2023-34052 | 0.00 | — | 0.00 | Oct 20, 2023 | VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass. | |||
| CVE-2023-34043 | 0.00 | — | 0.00 | Sep 26, 2023 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||
| CVE-2022-41763 | 0.00 | — | 0.01 | Sep 5, 2023 | An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the… | |||
| CVE-2023-20900 | 0.00 | — | 0.01 | Aug 31, 2023 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine… | |||
| CVE-2023-20890 | 0.00 | — | 0.22 | Aug 29, 2023 | Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | |||
| CVE-2023-34038 | 0.00 | — | 0.00 | Aug 4, 2023 | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | |||
| CVE-2023-34037 | 0.00 | — | 0.00 | Aug 4, 2023 | VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. | |||
| CVE-2023-20891 | 0.00 | — | 0.01 | Jul 26, 2023 | The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can… | |||
| CVE-2023-34035 | 0.00 | — | 0.01 | Jul 18, 2023 | Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s… | |||
| CVE-2023-20899 | 0.00 | — | 0.01 | Jul 6, 2023 | VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | |||
| CVE-2023-20896 | 0.00 | — | 0.01 | Jun 22, 2023 | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of… | |||
| CVE-2023-20895 | 0.00 | — | 0.01 | Jun 22, 2023 | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | |||
| CVE-2023-20893 | 0.00 | — | 0.01 | Jun 22, 2023 | The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | |||
| CVE-2023-20892 | 0.00 | — | 0.02 | Jun 22, 2023 | The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the… | |||
| CVE-2022-31693 | 0.00 | — | 0.00 | Jun 7, 2023 | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver… | |||
| CVE-2023-20884 | 0.00 | — | 0.00 | May 30, 2023 | VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||
| CVE-2023-20868 | 0.00 | — | 0.00 | May 26, 2023 | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | |||
| CVE-2023-20878 | 0.00 | — | 0.01 | May 12, 2023 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | |||
| CVE-2023-20880 | 0.00 | — | 0.00 | May 12, 2023 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. |