CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. vCenter Server contains a partial information disclosure vulnerability. A malicious ac... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 38%CPEs: 37EXPL: 0CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-34048
25 Oct 2023 — vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecuc... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20896
https://notcve.org/view.php?id=CVE-2023-20896
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an o... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20895
https://notcve.org/view.php?id=CVE-2023-20895
22 Jun 2023 — The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20894
https://notcve.org/view.php?id=CVE-2023-20894
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially craft... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
22 Jun 2023 — The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlyin... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
22 Jun 2023 — The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 1CVE-2022-31680
https://notcve.org/view.php?id=CVE-2022-31680
07 Oct 2022 — The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. El servidor vCenter contiene una vulnerabilidad de deserialización no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecuta... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-4928
https://notcve.org/view.php?id=CVE-2017-4928
17 Nov 2017 — The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. vSphere Web Client basado en flash(en versiones 6.0 anteriores a la 6.0 U3c y versiones 5.5 anteriores a la 5.5 U3f), es decir, no el nuevo vSphere Client bas... • http://www.securityfocus.com/bid/101785 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-4919
https://notcve.org/view.php?id=CVE-2017-4919
28 Jul 2017 — VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. VMware vCenter Server versiones 5.5, 6.0, 6.5, permite a los usuarios de vSphere con ciertos privilegios de vSphere limitados usar la API VIX para acceder a los Sistemas Operativos Invitados sin la necesidad de autenticarse. • http://www.securityfocus.com/bid/100102 • CWE-306: Missing Authentication for Critical Function •