Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-24 | CVE-2023-34040 | Deserialization of Untrusted Data vulnerability in VMWare Spring for Apache Kafka In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. | 7.8 |
| 2023-07-06 | CVE-2023-20899 | Missing Authorization vulnerability in VMWare Sd-Wan Edge Firmware VMware SD-WAN (Edge) contains a bypass authentication vulnerability. | 7.5 |
| 2023-06-22 | CVE-2023-20896 | Out-of-bounds Read vulnerability in VMWare Vcenter Server The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | 7.5 |
| 2023-06-07 | CVE-2023-20888 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 8.8 |
| 2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
| 2023-05-26 | CVE-2023-20883 | Resource Exhaustion vulnerability in VMWare Spring Boot In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | 7.5 |
| 2023-05-12 | CVE-2023-20877 | Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a privilege escalation vulnerability. | 8.8 |
| 2023-05-12 | CVE-2023-20878 | Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. | 7.2 |
| 2023-04-25 | CVE-2023-20869 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 8.2 |
| 2023-04-25 | CVE-2023-20871 | Unspecified vulnerability in VMWare Fusion VMware Fusion contains a local privilege escalation vulnerability. | 7.8 |