Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 8.8 |
2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
2023-06-07 | CVE-2022-31693 | Unspecified vulnerability in VMWare Tools VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. | 5.5 |
2023-05-30 | CVE-2023-20884 | Open Redirect vulnerability in VMWare products VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | 6.1 |
2023-05-26 | CVE-2023-20868 | Cross-site Scripting vulnerability in VMWare Nsx-T Data Center NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. | 6.1 |
2023-05-26 | CVE-2023-20883 | Resource Exhaustion vulnerability in VMWare Spring Boot In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | 7.5 |
2023-05-15 | CVE-2023-31131 | Unspecified vulnerability in VMWare Greenplum Database Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. | 9.1 |
2023-05-12 | CVE-2023-20877 | Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a privilege escalation vulnerability. | 8.8 |
2023-05-12 | CVE-2023-20878 | Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. | 7.2 |
2023-05-12 | CVE-2023-20879 | Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a Local privilege escalation vulnerability. | 6.7 |