Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the applian...
Vmware Cloud Director
1 Github repository
1 Article
6.1
CVSSv3
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
Vmware Workspace One Uem
7.8
CVSSv3
CVE-2023-34057
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
Vmware Tools
7.5
CVSSv3
CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be a...
Vmware Open Vm Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Vmware Tools
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7
CVSSv3
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
Vmware Open Vm Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
4.3
CVSSv3
CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Vmware Vcenter Server 7.0
Vmware Vcenter Server 8.0
Vmware Vcenter Server
1 Article
4.9
CVSSv3
CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages...
Vmware Rabbitmq
7.5
CVSSv3
CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Us...
Vmware Rabbitmq Java Client
9.8
CVSSv3
CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Vmware Vcenter Server 7.0
Vmware Vcenter Server 8.0
Vmware Vcenter Server
1 Github repository
4 Articles
7.8
CVSSv3
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unp...
Linux Linux Kernel 6.6
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »