Filtered by vendor Vmware
Subscriptions
Total
892 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20872 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-08-02 | 8.8 High |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | ||||
CVE-2023-20869 | 1 Vmware | 2 Fusion, Workstation | 2024-08-02 | 8.2 High |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | ||||
CVE-2023-20859 | 1 Vmware | 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault | 2024-08-02 | 5.5 Medium |
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | ||||
CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-08-02 | 7.2 High |
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | ||||
CVE-2023-20870 | 1 Vmware | 2 Fusion, Workstation | 2024-08-02 | 6.0 Medium |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | ||||
CVE-2023-20860 | 2 Redhat, Vmware | 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more | 2024-08-02 | 7.5 High |
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | ||||
CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2024-08-02 | 6.5 Medium |
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
CVE-2023-20863 | 2 Redhat, Vmware | 2 Camel Spring Boot, Spring Framework | 2024-08-02 | 6.5 Medium |
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
CVE-2023-20862 | 3 Netapp, Redhat, Vmware | 3 Active Iq Unified Manager, Ocp Tools, Spring Security | 2024-08-02 | 6.3 Medium |
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. | ||||
CVE-2023-20866 | 1 Vmware | 1 Spring Session | 2024-08-02 | 6.5 Medium |
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. | ||||
CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2024-08-02 | 8.4 High |
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | ||||
CVE-2023-20855 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2024-08-02 | 8.8 High |
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. | ||||
CVE-2023-20858 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-08-02 | 7.2 High |
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | ||||
CVE-2023-20857 | 1 Vmware | 1 Workspace One Content | 2024-08-02 | 6.8 Medium |
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. | ||||
CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2024-08-02 | 8.8 High |
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | ||||
CVE-2023-0191 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-08-02 | 7.1 High |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | ||||
CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-08-02 | 7.1 High |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | ||||
CVE-2023-0197 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-08-02 | 5.5 Medium |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | ||||
CVE-2023-0188 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-08-02 | 5.5 Medium |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. | ||||
CVE-2023-0198 | 5 Citrix, Linux, Nvidia and 2 more | 5 Hypervisor, Linux Kernel, Virtual Gpu and 2 more | 2024-08-02 | 6.6 Medium |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. |