Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-20888 Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
network
low complexity
vmware CWE-502
8.8
2023-06-07 CVE-2023-20889 Command Injection vulnerability in VMWare Vrealize Network Insight
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
network
low complexity
vmware CWE-77
7.5
2023-06-07 CVE-2022-31693 Unspecified vulnerability in VMWare Tools
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver.
local
low complexity
vmware
5.5
2023-05-30 CVE-2023-20884 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
network
low complexity
vmware CWE-601
6.1
2023-05-26 CVE-2023-20868 Cross-site Scripting vulnerability in VMWare Nsx-T Data Center
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation.
network
low complexity
vmware CWE-79
6.1
2023-05-26 CVE-2023-20883 Resource Exhaustion vulnerability in VMWare Spring Boot
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
network
low complexity
vmware CWE-400
7.5
2023-05-15 CVE-2023-31131 Unspecified vulnerability in VMWare Greenplum Database
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL.
network
low complexity
vmware
critical
9.1
2023-05-12 CVE-2023-20877 Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a privilege escalation vulnerability.
network
low complexity
vmware
8.8
2023-05-12 CVE-2023-20878 Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.2
2023-05-12 CVE-2023-20879 Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a Local privilege escalation vulnerability.
local
low complexity
vmware
6.7