Vulnerabilities > Vmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2024-38812 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
network
low complexity
vmware CWE-787
critical
9.8
2024-09-17 CVE-2024-38813 Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
network
low complexity
vmware CWE-273
critical
9.8
2024-06-18 CVE-2024-37079 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.
network
low complexity
vmware CWE-787
critical
9.8
2024-06-18 CVE-2024-37080 Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.
network
low complexity
vmware CWE-787
critical
9.8
2023-11-14 CVE-2023-34060 Missing Authentication for Critical Function vulnerability in VMWare Cloud Director 10.4.0
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) .
network
low complexity
vmware CWE-306
critical
9.8
2023-10-25 CVE-2023-34048 Out-of-bounds Write vulnerability in VMWare Vcenter Server
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
network
low complexity
vmware CWE-787
critical
9.8
2023-10-20 CVE-2023-34051 Incorrect Authorization vulnerability in VMWare Aria Operations for Logs
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
network
low complexity
vmware CWE-863
critical
9.8
2023-08-29 CVE-2023-34039 Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
network
low complexity
vmware CWE-327
critical
9.8
2023-07-19 CVE-2023-34034 Unspecified vulnerability in VMWare Spring Security
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
network
low complexity
vmware
critical
9.8
2023-06-22 CVE-2023-20892 Out-of-bounds Write vulnerability in VMWare Vcenter Server
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
network
low complexity
vmware CWE-787
critical
9.8