Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Total 896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20900 6 Debian, Fedoraproject, Linux and 3 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2024-11-21 N/A 7.1 HIGH
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVE-2023-20899 1 Vmware 2 Sd-wan Edge, Sd-wan Edge Firmware 2024-11-21 N/A 7.5 HIGH
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.
CVE-2023-20896 1 Vmware 1 Vcenter Server 2024-11-21 N/A 5.9 MEDIUM
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
CVE-2023-20895 1 Vmware 1 Vcenter Server 2024-11-21 N/A 8.1 HIGH
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
CVE-2023-20894 1 Vmware 1 Vcenter Server 2024-11-21 N/A 8.1 HIGH
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
CVE-2023-20893 1 Vmware 1 Vcenter Server 2024-11-21 N/A 8.1 HIGH
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVE-2023-20892 1 Vmware 1 Vcenter Server 2024-11-21 N/A 8.1 HIGH
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVE-2023-20891 1 Vmware 2 Isolation Segment, Tanzu Application Service For Virtual Machines 2024-11-21 N/A 6.5 MEDIUM
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.
CVE-2023-20890 1 Vmware 1 Aria Operations For Networks 2024-11-21 N/A 7.2 HIGH
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
CVE-2023-20889 1 Vmware 1 Vrealize Network Insight 2024-11-21 N/A 7.5 HIGH
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
CVE-2023-20888 1 Vmware 1 Vrealize Network Insight 2024-11-21 N/A 8.8 HIGH
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
CVE-2023-20887 1 Vmware 1 Aria Operations For Networks 2024-11-21 N/A 9.8 CRITICAL
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
CVE-2023-20886 1 Vmware 1 Workspace One Uem 2024-11-21 N/A 8.8 HIGH
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
CVE-2023-20884 3 Linux, Microsoft, Vmware 6 Linux Kernel, Windows, Cloud Foundation and 3 more 2024-11-21 N/A 6.1 MEDIUM
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
CVE-2023-20883 1 Vmware 1 Spring Boot 2024-11-21 N/A 7.5 HIGH
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2024-11-21 N/A 6.7 MEDIUM
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-20879 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 N/A 6.7 MEDIUM
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
CVE-2023-20878 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 N/A 7.2 HIGH
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 N/A 8.8 HIGH
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2023-20873 1 Vmware 1 Spring Boot 2024-11-21 N/A 9.8 CRITICAL
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.