Filtered by vendor Vmware
Subscriptions
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20867 | 4 Debian, Fedoraproject, Redhat and 1 more | 8 Debian Linux, Fedora, Enterprise Linux and 5 more | 2024-08-02 | 3.9 Low |
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | ||||
CVE-2023-20889 | 1 Vmware | 1 Vrealize Network Insight | 2024-08-02 | 7.5 High |
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | ||||
CVE-2023-20892 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | ||||
CVE-2023-20891 | 1 Vmware | 2 Isolation Segment, Tanzu Application Service For Virtual Machines | 2024-08-02 | 6.5 Medium |
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | ||||
CVE-2023-20888 | 1 Vmware | 1 Vrealize Network Insight | 2024-08-02 | 8.8 High |
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | ||||
CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2024-08-02 | 7.5 High |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | ||||
CVE-2023-20895 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | ||||
CVE-2023-20864 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-08-02 | 9.8 Critical |
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | ||||
CVE-2023-20873 | 2 Redhat, Vmware | 3 Amq Streams, Camel Spring Boot, Spring Boot | 2024-08-02 | 9.8 Critical |
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | ||||
CVE-2023-20893 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | ||||
CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-08-02 | 8.8 High |
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | ||||
CVE-2023-20868 | 1 Vmware | 1 Nsx-t Data Center | 2024-08-02 | 6.1 Medium |
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | ||||
CVE-2023-20900 | 7 Debian, Fedoraproject, Linux and 4 more | 12 Debian Linux, Fedora, Linux Kernel and 9 more | 2024-08-02 | 7.1 High |
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | ||||
CVE-2023-20880 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2024-08-02 | 6.7 Medium |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||||
CVE-2023-20890 | 1 Vmware | 1 Aria Operations For Networks | 2024-08-02 | 7.2 High |
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | ||||
CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-08-02 | 6.7 Medium |
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | ||||
CVE-2023-20878 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-08-02 | 7.2 High |
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | ||||
CVE-2023-20871 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2024-08-02 | 7.8 High |
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | ||||
CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2024-08-02 | 6.1 Medium |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | ||||
CVE-2023-20883 | 2 Redhat, Vmware | 5 Camel Spring Boot, Jboss Enterprise Bpms Platform, Jboss Fuse and 2 more | 2024-08-02 | 7.5 High |
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. |