Vulnerabilities > Vmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-20893 | Use After Free vulnerability in VMWare Vcenter Server The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 9.8 |
| 2023-06-22 | CVE-2023-20894 | Out-of-bounds Write vulnerability in VMWare Vcenter Server The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | 9.8 |
| 2023-06-22 | CVE-2023-20895 | Out-of-bounds Write vulnerability in VMWare Vcenter Server The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | 9.8 |
| 2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |
| 2023-05-15 | CVE-2023-31131 | Path Traversal vulnerability in VMWare Greenplum Database Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. | 9.1 |
| 2023-04-20 | CVE-2023-20864 | Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a deserialization vulnerability. | 9.8 |
| 2023-04-20 | CVE-2023-20873 | Unspecified vulnerability in VMWare Spring Boot In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. | 9.8 |
| 2023-01-26 | CVE-2022-31704 | Unspecified vulnerability in VMWare Vrealize LOG Insight The vRealize Log Insight contains a broken access control vulnerability. | 9.8 |
| 2023-01-26 | CVE-2022-31706 | Path Traversal vulnerability in VMWare Vrealize LOG Insight The vRealize Log Insight contains a Directory Traversal Vulnerability. | 9.8 |
| 2022-12-14 | CVE-2022-31702 | Command Injection vulnerability in VMWare Vrealize Network Insight vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. | 9.8 |