Vulnerabilities > Vmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-25 | CVE-2023-20872 | Out-of-bounds Write vulnerability in VMware Fusion and Workstation: VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | 8.8 |
2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. | 7.5 |
2023-04-20 | CVE-2023-20865 | Command Injection vulnerability in VMware Aria Operations for Logs and Cloud Foundation: VMware Aria Operations for Logs contains a command injection vulnerability. | 7.2 |
2023-03-27 | CVE-2023-20860 | Unspecified vulnerability in VMware Spring Framework: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | 7.5 |
2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMware vRealize Automation and vRealize Orchestrator: VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
2023-02-22 | CVE-2023-20858 | Injection vulnerability in VMware Carbon Black App Control: VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. | 7.2 |
2023-02-16 | CVE-2022-36416 | Unspecified vulnerability in VMware Ixgben 1.10.0.1: Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-03 | CVE-2023-20854 | Improper Privilege Management vulnerability in VMware Workstation 17.0: VMware Workstation contains an arbitrary file deletion vulnerability. | 8.4 |
2023-02-01 | CVE-2023-20856 | Cross-Site Request Forgery (CSRF) vulnerability in VMware vRealize Operations: VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. | 8.8 |
2023-01-26 | CVE-2022-31710 | Deserialization of Untrusted Data vulnerability in VMware vRealize Log Insight: vRealize Log Insight contains a deserialization vulnerability. | 7.5 |