Page 2 of 72 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html •

CVSS: 9.8EPSS: 14%CPEs: 2EXPL: 0

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 266EXPL: 0

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. VMware ESXi contiene una vulnerabilidad de corrupción de memoria que existe en la forma en que maneja un socket de red. Un actor malintencionado con acceso local a ESXi puede aprovechar este problema para dañar la memoria y provocar un escape del entorno limitado de ESXi. This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. vCenter Server contiene una vulnerabilidad de Denegación de Servicio (DoS) en el servicio de librería de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una condición de Denegación de Servicio (DoS) enviando un encabezado especialmente manipulado. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588 https://www.vmware.com/security/advisories/VMSA-2022-0030.html •