CVSS: 9.9EPSS: 0%CPEs: 12EXPL: 0CVE-2023-34063
https://notcve.org/view.php?id=CVE-2023-34063
16 Jan 2024 — Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos. • https://www.vmware.com/security/advisories/VMSA-2024-0001.html • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34043
https://notcve.org/view.php?id=CVE-2023-34043
26 Sep 2023 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a "root". VMware Aria Operations contains a local privilege escalation vulnerability. • https://www.vmware.com/security/advisories/VMSA-2023-0020.html • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20877
https://notcve.org/view.php?id=CVE-2023-20877
12 May 2023 — VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20878
https://notcve.org/view.php?id=CVE-2023-20878
12 May 2023 — VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20879
https://notcve.org/view.php?id=CVE-2023-20879
12 May 2023 — VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20880
https://notcve.org/view.php?id=CVE-2023-20880
12 May 2023 — VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 26%CPEs: 2EXPL: 0CVE-2023-20864 – VMware Aria Operations for Logs Cluster Controller Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-20864
20 Apr 2023 — VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController class. The issue results from the lack of pro... • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20865
https://notcve.org/view.php?id=CVE-2023-20865
20 Apr 2023 — VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2022-31698
https://notcve.org/view.php?id=CVE-2022-31698
13 Dec 2022 — The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. vCenter Server contiene una vulnerabilidad de Denegación de Servicio (DoS) en el servicio de librería de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una con... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588 •
CVSS: 3.3EPSS: 0%CPEs: 285EXPL: 0CVE-2022-31699
https://notcve.org/view.php?id=CVE-2022-31699
13 Dec 2022 — VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. VMware ESXi contiene una vulnerabilidad de desbordamiento del heap. Un actor local malicioso con privilegios restringidos dentro de un proceso de espacio aislado puede aprovechar este problema para lograr una divulgación parcial de información. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •