vmware vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Us...
Vmware Rabbitmq Java Client
7.8
CVSSv3
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unp...
Linux Linux Kernel 6.6
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
7.8
CVSSv3
CVE-2023-34045
VMware Fusion (13.x before 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor wi...
Vmware Fusion
6
CVSSv3
CVE-2023-34044
VMware Workstation (17.x before 17.5) and Fusion (13.x before 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine...
Vmware Workstation
Vmware Fusion
7
CVSSv3
CVE-2023-34046
VMware Fusion (13.x before 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious ...
Vmware Fusion
9.8
CVSSv3
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Vmware Aria Operations For Logs 8.8
Vmware Aria Operations For Logs 8.6
Vmware Aria Operations For Logs 5.0
Vmware Aria Operations For Logs 4.0
Vmware Aria Operations For Logs 8.10
Vmware Aria Operations For Logs 8.10.2
Vmware Aria Operations For Logs 8.12
1 Github repository
7.8
CVSSv3
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.
Vmware Aria Operations For Logs 5.0
Vmware Aria Operations For Logs 4.0
Vmware Aria Operations For Logs 8.10.2
Vmware Aria Operations For Logs 8.12
4.3
CVSSv3
CVE-2023-34050
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provi...
Vmware Spring Advanced Message Queuing Protocol
2 Github repositories
4.3
CVSSv3
CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 before 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
Netapp Snapcenter Plug-in
8.8
CVSSv3
CVE-2023-36628
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
Purestorage Purity//fa