Filtered by vendor Vmware Subscriptions
Total 902 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20879 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 6.7 Medium
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
CVE-2023-20878 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 7.2 High
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2024-11-21 8.8 High
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2023-20873 2 Redhat, Vmware 3 Amq Streams, Camel Spring Boot, Spring Boot 2024-11-21 9.8 Critical
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
CVE-2023-20872 2 Apple, Vmware 3 Mac Os X, Fusion, Workstation 2024-11-21 8.8 High
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
CVE-2023-20871 2 Apple, Vmware 2 Mac Os X, Fusion 2024-11-21 7.8 High
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
CVE-2023-20870 1 Vmware 2 Fusion, Workstation 2024-11-21 6.0 Medium
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVE-2023-20869 1 Vmware 2 Fusion, Workstation 2024-11-21 8.2 High
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVE-2023-20868 1 Vmware 1 Nsx-t Data Center 2024-11-21 6.1 Medium
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
CVE-2023-20867 4 Debian, Fedoraproject, Redhat and 1 more 8 Debian Linux, Fedora, Enterprise Linux and 5 more 2024-11-21 3.9 Low
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CVE-2023-20866 1 Vmware 1 Spring Session 2024-11-21 6.5 Medium
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
CVE-2023-20865 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2024-11-21 7.2 High
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
CVE-2023-20864 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2024-11-21 9.8 Critical
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
CVE-2023-20863 2 Redhat, Vmware 2 Camel Spring Boot, Spring Framework 2024-11-21 6.5 Medium
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20862 3 Netapp, Redhat, Vmware 3 Active Iq Unified Manager, Ocp Tools, Spring Security 2024-11-21 6.3 Medium
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
CVE-2023-20861 2 Redhat, Vmware 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more 2024-11-21 6.5 Medium
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20860 2 Redhat, Vmware 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more 2024-11-21 7.5 High
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVE-2023-20859 1 Vmware 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault 2024-11-21 5.5 Medium
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
CVE-2023-20858 2 Microsoft, Vmware 2 Windows, Carbon Black App Control 2024-11-21 7.2 High
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
CVE-2023-20857 1 Vmware 1 Workspace One Content 2024-11-21 6.8 Medium
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.