CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22273
https://notcve.org/view.php?id=CVE-2024-22273
21 May 2024 — The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. Los controladores de almacenamiento en VMware ESXi, Workstation y Fusion tienen una vulnerabilidad de lectura/escritura fuera de los límites. Un actor malintencionad... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22254 – Out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-22254
05 Mar 2024 — VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. VMware ESXi contiene una vulnerabilidad de escritura fuera de los límites. Un actor malicioso con privilegios dentro del proceso VMX puede desencadenar una escritura fuera de los límites que conduzca a un escape del entorno limitado. VMware ESXi contains an out-of-bounds write vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22253 – Use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-22253
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una ... • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22252 – Use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-22252
05 Mar 2024 — VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una ... • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22235
https://notcve.org/view.php?id=CVE-2024-22235
21 Feb 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a "root". VMware Aria Operations contains a local privilege escalation vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0004.html • CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 0%CPEs: 12EXPL: 0CVE-2023-34063
https://notcve.org/view.php?id=CVE-2023-34063
16 Jan 2024 — Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos. • https://www.vmware.com/security/advisories/VMSA-2024-0001.html • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34043
https://notcve.org/view.php?id=CVE-2023-34043
26 Sep 2023 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a "root". VMware Aria Operations contains a local privilege escalation vulnerability. • https://www.vmware.com/security/advisories/VMSA-2023-0020.html • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
30 May 2023 — VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leadi... • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20877
https://notcve.org/view.php?id=CVE-2023-20877
12 May 2023 — VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20878
https://notcve.org/view.php?id=CVE-2023-20878
12 May 2023 — VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-502: Deserialization of Untrusted Data •