CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20857
https://notcve.org/view.php?id=CVE-2023-20857
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. • http://packetstormsecurity.com/files/171158/VMware-Security-Advisory-2023-0006.html https://www.vmware.com/security/advisories/VMSA-2023-0006.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20855
https://notcve.org/view.php?id=CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. • https://www.vmware.com/security/advisories/VMSA-2023-0005.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20858
https://notcve.org/view.php?id=CVE-2023-20858
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. • https://www.vmware.com/security/advisories/VMSA-2023-0004.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36797
https://notcve.org/view.php?id=CVE-2022-36797
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00750.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36416
https://notcve.org/view.php?id=CVE-2022-36416
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00750.html •