CVSS: 10.0EPSS: 3%CPEs: 33EXPL: 0CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
22 Jun 2023 — The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlyin... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 33EXPL: 0CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
22 Jun 2023 — The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 83%CPEs: 9EXPL: 2CVE-2023-29552 – Service Location Protocol (SLP) Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-29552
25 Apr 2023 — The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant ampli... • https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html •
CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2022-31697
https://notcve.org/view.php?id=CVE-2022-31697
13 Dec 2022 — The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. vCenter Server contiene una vulnerabilidad de divulgación de información debido al registro de credenciales en texto plano. Un actor malintencionado con acceso a una estación de trabajo que invocó una o... • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 5%CPEs: 105EXPL: 0CVE-2022-31698
https://notcve.org/view.php?id=CVE-2022-31698
13 Dec 2022 — The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. vCenter Server contiene una vulnerabilidad de Denegación de Servicio (DoS) en el servicio de librería de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una con... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38650
https://notcve.org/view.php?id=CVE-2022-38650
12 Nov 2022 — A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Existe una vulnerabilidad de deserialización insegura remota no autenticada en VMware Hyperic Server 5.8.6. La explot... • https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38651
https://notcve.org/view.php?id=CVE-2022-38651
12 Nov 2022 — A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Existe una configuración incorrecta del filtro de seguridad en VMware Hyperic Server 5.8.6. La explotación de esta vulnerabilidad permite a una parte maliciosa omitir algunos requisitos de autentica... • https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 1CVE-2022-31680
https://notcve.org/view.php?id=CVE-2022-31680
07 Oct 2022 — The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. El servidor vCenter contiene una vulnerabilidad de deserialización no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecuta... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 69EXPL: 0CVE-2022-22982 – VMware Security Advisory 2022-0018
https://notcve.org/view.php?id=CVE-2022-22982
12 Jul 2022 — The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. El servidor vCenter contiene una vulnerabilidad de tipo server-side request forgery (SSRF). Un actor malicioso con acceso de red a 443 en el vCenter Server puede explotar este problema al acceder a una petición de URL fuera del vCenter Server o accediendo... • https://www.vmware.com/security/advisories/VMSA-2022-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •