Vulnerabilities > VMware > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-08-24 | CVE-2023-34040 | Deserialization of Untrusted Data vulnerability in VMware Spring for Apache Kafka | In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. | local, low complexity, vmware CWE-502, 7.8 |
| 2023-07-06 | CVE-2023-20899 | Missing Authorization vulnerability in VMware SD-WAN Edge Firmware 4.5.0 | VMware SD-WAN (Edge) contains a bypass authentication vulnerability. | network, low complexity, vmware CWE-862, 7.5 |
| 2023-06-22 | CVE-2023-20896 | Out-of-bounds Read vulnerability in VMware vCenter Server | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | network, low complexity, vmware CWE-125, 7.5 |
| 2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMware vRealize Network Insight | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | network, low complexity, vmware CWE-502, 8.8 |
| 2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMware vRealize Network Insight | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | network, low complexity, vmware CWE-77, 7.5 |
| 2023-05-26 | CVE-2023-20883 | Resource Exhaustion vulnerability in VMware Spring Boot | In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | network, low complexity, vmware CWE-400, 7.5 |
| 2023-05-12 | CVE-2023-20877 | Unspecified vulnerability in VMware Cloud Foundation and vRealize Operations | VMware Aria Operations contains a privilege escalation vulnerability. | network, low complexity, vmware, 8.8 |
| 2023-05-12 | CVE-2023-20878 | Deserialization of Untrusted Data vulnerability in VMware Cloud Foundation and vRealize Operations | VMware Aria Operations contains a deserialization vulnerability. | network, low complexity, vmware CWE-502, 7.2 |
| 2023-04-25 | CVE-2023-20869 | Out-of-bounds Write vulnerability in VMware Fusion and Workstation | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | local, low complexity, vmware CWE-787, 8.2 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMware Fusion 13.0.0/13.0.1 | VMware Fusion contains a local privilege escalation vulnerability. | local, low complexity, vmware, 7.8 |