High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-12	CVE-2023-20877	Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a privilege escalation vulnerability. network low complexity vmware	8.8
2023-05-12	CVE-2023-20878	Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. network low complexity vmware CWE-502	7.2
2023-04-25	CVE-2023-20869	Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. local low complexity vmware CWE-787	8.2
2023-04-25	CVE-2023-20871	Unspecified vulnerability in VMWare Fusion 13.0.0/13.0.1 VMware Fusion contains a local privilege escalation vulnerability. local low complexity vmware	7.8
2023-04-25	CVE-2023-20872	Out-of-bounds Write vulnerability in VMWare Fusion and Workstation VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. local low complexity vmware CWE-787	8.8
2023-04-25	CVE-2023-29552	The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. network low complexity netapp suse vmware service-location-protocol-project	7.5
2023-04-20	CVE-2023-20865	Command Injection vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a command injection vulnerability. network low complexity vmware CWE-77	7.2
2023-03-27	CVE-2023-20860	Unspecified vulnerability in VMWare Spring Framework Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. network low complexity vmware	7.5
2023-02-22	CVE-2023-20855	XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. network low complexity vmware CWE-611	8.8
2023-02-22	CVE-2023-20858	Injection vulnerability in VMWare Carbon Black APP Control VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. network low complexity vmware CWE-74	7.2