Filtered by vendor Vmware
Subscribe
Total
839 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20860 | 1 Vmware | 1 Spring Framework | 2024-02-04 | N/A | 7.5 HIGH |
| Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | |||||
| CVE-2023-20892 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | N/A | 9.8 CRITICAL |
| The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2023-20869 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | N/A | 8.2 HIGH |
| VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | |||||
| CVE-2023-20883 | 1 Vmware | 1 Spring Boot | 2024-02-04 | N/A | 7.5 HIGH |
| In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | |||||
| CVE-2023-20864 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-02-04 | N/A | 9.8 CRITICAL |
| VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | |||||
| CVE-2023-20896 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | N/A | 7.5 HIGH |
| The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | |||||
| CVE-2023-20868 | 1 Vmware | 1 Nsx-t Data Center | 2024-02-04 | N/A | 6.1 MEDIUM |
| NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | |||||
| CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-02-04 | N/A | 8.8 HIGH |
| VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | |||||
| CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2024-02-04 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||||
| CVE-2023-20873 | 1 Vmware | 1 Spring Boot | 2024-02-04 | N/A | 9.8 CRITICAL |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | |||||
| CVE-2023-20893 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | N/A | 9.8 CRITICAL |
| The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2023-20861 | 1 Vmware | 1 Spring Framework | 2024-02-04 | N/A | 6.5 MEDIUM |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
| CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-02-04 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | |||||
| CVE-2023-29552 | 4 Netapp, Service Location Protocol Project, Suse and 1 more | 5 Smi-s Provider, Service Location Protocol, Linux Enterprise Server and 2 more | 2024-02-04 | N/A | 7.5 HIGH |
| The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | |||||
| CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-02-04 | N/A | 7.2 HIGH |
| VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | |||||
| CVE-2023-20878 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-02-04 | N/A | 7.2 HIGH |
| VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | |||||
| CVE-2023-20895 | 1 Vmware | 1 Vcenter Server | 2024-02-04 | N/A | 9.8 CRITICAL |
| The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | |||||
| CVE-2022-31707 | 1 Vmware | 1 Vrealize Operations | 2024-02-04 | N/A | 7.2 HIGH |
| vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
| CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2024-02-04 | N/A | 5.3 MEDIUM |
| VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||||
| CVE-2021-31693 | 1 Vmware | 1 Tools | 2024-02-04 | N/A | 6.5 MEDIUM |
| The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | |||||