Skip to main content

VMware

643 CVEs vendor

Monthly

CVE-2024-37086 MEDIUM This Month

VMware ESXi contains an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Cloud Foundation ESXi
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-22385 MEDIUM This Month

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.1.0 before 3.7.4. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-38329 HIGH This Week

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware IBM Storage Protect For Virtual Environments
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-37081 HIGH POC Act Now

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2024-37080 CRITICAL PATCH Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE Memory Corruption Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2024-37079 CRITICAL KEV PATCH THREAT Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE Memory Corruption Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
22.4%
CVE-2024-36904 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free VMware Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22275 MEDIUM This Month

The vCenter Server contains a partial file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-22274 HIGH This Week

The vCenter Server contains an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2024-22273 HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Denial Of Service Cloud Foundation +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22270 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-22269 MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2024-22268 MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Memory Corruption Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22267 HIGH This Week

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure VMware Memory Corruption Fusion +1
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-22266 MEDIUM This Month

VMware Avi Load Balancer contains an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22264 HIGH This Week

VMware Avi Load Balancer contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-22248 HIGH This Week

VMware SD-WAN Orchestrator contains an open redirect vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect VMware
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-22247 MEDIUM This Month

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-22246 HIGH This Week

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Command Injection VMware
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-22256 MEDIUM PATCH This Month

VMware Cloud Director contains a partial information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Cloud Director
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-22255 HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2024-22254 HIGH This Week

VMware ESXi contains an out-of-bounds write vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption Cloud Foundation ESXi
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-22253 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Cloud Foundation +3
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-22252 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE Memory Corruption Workstation +2
NVD
CVSS 3.1
6.7
EPSS
3.5%
CVE-2024-22251 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22235 MEDIUM This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-22250 HIGH This Week

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Session Fixation VMware Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22245 CRITICAL Act Now

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2024-21840 HIGH This Week

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.0.0 through 04.9.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Storage Plug In
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-43082 MEDIUM This Month

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware Dell Unity Operating Environment Unity Xt Operating Environment +1
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-34060 CRITICAL Act Now

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Director
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-20886 MEDIUM This Month

VMware Workspace ONE UEM console contains an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Open Redirect Workspace One Uem
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34059 HIGH PATCH This Week

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. Rated high severity (CVSS 7.0).

Information Disclosure VMware Open Vm Tools Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-34058 HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass Open Vm Tools Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34057 HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34056 MEDIUM This Month

vCenter Server contains a partial information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-5633 HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +19
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34045 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34046 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-34044 MEDIUM This Month

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-34052 HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization Aria Operations For Logs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34051 CRITICAL PATCH Act Now

VMware Aria Operations for Logs contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

RCE VMware Authentication Bypass Aria Operations For Logs
NVD
CVSS 3.1
9.8
EPSS
44.7%
CVE-2023-27312 MEDIUM This Month

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Snapcenter Plug In
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-36628 HIGH This Week

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Purity Fa
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34043 MEDIUM PATCH This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-20890 HIGH This Week

Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal VMware Aria Operations For Networks
NVD
CVSS 3.1
7.2
EPSS
21.6%
CVE-2023-4387 HIGH PATCH This Week

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux VMware Memory Corruption +2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-39250 MEDIUM This Month

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Dell Replay Manager For Vmware Storage Integration Tools For Vmware +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-34038 MEDIUM This Month

VMware Horizon Server contains an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34037 MEDIUM This Month

VMware Horizon Server contains a HTTP request smuggling vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Request Smuggling Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-20891 MEDIUM PATCH This Month

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Isolation Segment Tanzu Application Service For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20899 HIGH This Week

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Sd Wan Edge Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20896 HIGH PATCH This Week

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure VMware Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-20895 CRITICAL PATCH Act Now

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-20894 CRITICAL PATCH Act Now

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2023-20893 CRITICAL PATCH Act Now

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free VMware RCE Memory Corruption Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20892 CRITICAL PATCH Act Now

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-20889 HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Information Disclosure VMware Command Injection Vrealize Network Insight
NVD
CVSS 3.1
7.5
EPSS
79.3%
CVE-2023-20888 HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an authenticated deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE VMware Deserialization Vrealize Network Insight
NVD
CVSS 3.1
8.8
EPSS
82.3%
CVE-2023-20887 CRITICAL POC KEV PATCH THREAT Act Now

Aria Operations for Networks contains a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE VMware Command Injection Aria Operations For Networks
NVD
CVSS 3.1
9.8
EPSS
98.3%
CVE-2023-20884 MEDIUM PATCH This Month

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Information Disclosure VMware Open Redirect Identity Manager Workspace One Access +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-20880 MEDIUM This Month

VMware Aria Operations contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20879 MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20878 HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20877 HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware Authentication Bypass Cloud Foundation +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20870 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2023-20869 HIGH This Week

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2023-20872 HIGH This Week

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-20871 HIGH This Week

VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Fusion
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-20865 HIGH This Week

VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Command Injection Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-20864 CRITICAL POC THREAT Act Now

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
70.4%
CVE-2023-1544 MEDIUM PATCH This Month

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure VMware Qemu Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-20857 MEDIUM This Month

VMware Workspace ONE Content contains a passcode bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Workspace One Content
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-20858 HIGH PATCH This Week

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Carbon Black App Control
NVD
CVSS 3.1
7.2
EPSS
16.9%
CVE-2023-20855 HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-20854 HIGH PATCH This Week

VMware Workstation contains an arbitrary file deletion vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Workstation
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2023-20856 HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-31708 MEDIUM PATCH This Month

vRealize Operations (vROps) contains a broken access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31707 HIGH PATCH This Week

vRealize Operations (vROps) contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-31705 HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware Buffer Overflow Workstation +2
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-31701 MEDIUM This Month

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Access Cloud Foundation Identity Manager Connector
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31700 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access Cloud Foundation Identity Manager
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-31699 LOW Monitor

VMware ESXi contains a heap-overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure VMware Buffer Overflow Cloud Foundation +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-31698 MEDIUM This Month

The vCenter Server contains a denial-of-service vulnerability in the content library service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Denial Of Service Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
47.8%
CVE-2022-31697 MEDIUM This Month

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31696 HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow Cloud Foundation ESXi
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38652 CRITICAL Act Now

A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft VMware Deserialization Hyperic Agent
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2022-38651 CRITICAL Act Now

A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Hyperic Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-38650 CRITICAL Act Now

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization Hyperic Server
NVD
CVSS 3.1
10.0
EPSS
0.8%
EPSS 0% CVSS 6.8
MEDIUM This Month

VMware ESXi contains an out-of-bounds read vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.1.0 before 3.7.4. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
EPSS 0% CVSS 7.7
HIGH This Week

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware IBM +1
NVD
EPSS 5% CVSS 7.8
HIGH POC Act Now

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server +1
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE +2
NVD
EPSS 22% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The vCenter Server contains a partial file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundation +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The vCenter Server contains an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +5
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +1
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +3
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure VMware +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

VMware Avi Load Balancer contains an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

VMware Avi Load Balancer contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

VMware SD-WAN Orchestrator contains an open redirect vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect VMware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass VMware
NVD
EPSS 0% CVSS 7.4
HIGH This Week

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Command Injection VMware
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

VMware Cloud Director contains a partial information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Cloud Director
NVD
EPSS 2% CVSS 7.1
HIGH This Week

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Denial Of Service +4
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi contains an out-of-bounds write vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption +2
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +5
NVD
EPSS 4% CVSS 6.7
MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware RCE +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Session Fixation VMware +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.0.0 through 04.9.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Storage Plug In
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware Dell +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Director
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

VMware Workspace ONE UEM console contains an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Open Redirect Workspace One Uem
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. Rated high severity (CVSS 7.0).

Information Disclosure VMware Open Vm Tools +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

vCenter Server contains a partial information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel +21
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 0% CVSS 7.0
HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization +1
NVD
EPSS 45% CVSS 9.8
CRITICAL PATCH Act Now

VMware Aria Operations for Logs contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

RCE VMware Authentication Bypass +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Snapcenter Plug In
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Purity Fa
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Aria Operations +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools +4
NVD
EPSS 22% CVSS 7.2
HIGH This Week

Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal VMware +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Dell +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

VMware Horizon Server contains an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Horizon Client
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

VMware Horizon Server contains a HTTP request smuggling vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Request Smuggling +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Isolation Segment +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Sd Wan Edge Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure VMware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow VMware +1
NVD
EPSS 34% CVSS 9.8
CRITICAL PATCH Act Now

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow VMware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free VMware RCE +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 79% CVSS 7.5
HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Information Disclosure VMware Command Injection +1
NVD
EPSS 82% CVSS 8.8
HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an authenticated deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE VMware Deserialization +1
NVD
EPSS 98% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Aria Operations for Networks contains a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE VMware Command Injection +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Information Disclosure VMware Open Redirect +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Aria Operations contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware +3
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 2% CVSS 8.2
HIGH This Week

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Command Injection Aria Operations For Logs +1
NVD
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Act Now

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

VMware Workspace ONE Content contains a passcode bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Workspace One Content
NVD
EPSS 17% CVSS 7.2
HIGH PATCH This Week

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Carbon Black App Control
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

VMware Workstation contains an arbitrary file deletion vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Workstation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

vRealize Operations (vROps) contains a broken access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

vRealize Operations (vROps) contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
EPSS 2% CVSS 8.2
HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Access +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

VMware ESXi contains a heap-overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure VMware +3
NVD
EPSS 48% CVSS 5.3
MEDIUM This Month

The vCenter Server contains a denial-of-service vulnerability in the content library service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Denial Of Service Cloud Foundation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow +2
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft VMware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Hyperic Server
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization +1
NVD
Prev Page 2 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy