Vulnerabilities > Vmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-20893 Use After Free vulnerability in VMWare Vcenter Server
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
network
low complexity
vmware CWE-416
critical
9.8
2023-06-22 CVE-2023-20894 Out-of-bounds Write vulnerability in VMWare Vcenter Server
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
network
low complexity
vmware CWE-787
critical
9.8
2023-06-22 CVE-2023-20895 Out-of-bounds Write vulnerability in VMWare Vcenter Server
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
network
low complexity
vmware CWE-787
critical
9.8
2023-06-07 CVE-2023-20887 Command Injection vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a command injection vulnerability.
network
low complexity
vmware CWE-77
critical
9.8
2023-05-15 CVE-2023-31131 Unspecified vulnerability in VMWare Greenplum Database
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL.
network
low complexity
vmware
critical
9.1
2023-04-20 CVE-2023-20864 Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs and Cloud Foundation
VMware Aria Operations for Logs contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
critical
9.8
2023-04-20 CVE-2023-20873 Unspecified vulnerability in VMWare Spring Boot
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass.
network
low complexity
vmware
critical
9.8
2023-01-26 CVE-2022-31704 Unspecified vulnerability in VMWare Vrealize LOG Insight
The vRealize Log Insight contains a broken access control vulnerability.
network
low complexity
vmware
critical
9.8
2023-01-26 CVE-2022-31706 Path Traversal vulnerability in VMWare Vrealize LOG Insight
The vRealize Log Insight contains a Directory Traversal Vulnerability.
network
low complexity
vmware CWE-22
critical
9.8
2022-12-14 CVE-2022-31702 Command Injection vulnerability in VMWare Vrealize Network Insight
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API.
network
low complexity
vmware CWE-77
critical
9.8