CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-416: Use After Free •
CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •
CVE-2022-31680
https://notcve.org/view.php?id=CVE-2022-31680
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. El servidor vCenter contiene una vulnerabilidad de deserialización no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecutar código arbitrario en el sistema operativo subyacente que aloja el servidor vCenter • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 https://www.vmware.com/security/advisories/VMSA-2022-0025.html • CWE-502: Deserialization of Untrusted Data •
CVE-2016-7459
https://notcve.org/view.php?id=CVE-2016-7459
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a usuarios remotos autenticados leer archivos arbitrarios a través de un documento (1) Log Browser, (2) Distributed Switch setup, o (3) Content Library XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www.securityfocus.com/bid/94486 http://www.securitytracker.com/id/1037329 http://www.vmware.com/security/advisories/VMSA-2016-0022.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-5331 – VMware vSphere Hypervisor (ESXi) HTTP Response Injection
https://notcve.org/view.php?id=CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados. The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. • http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://seclists.org/fulldisclosure/2016/Aug/38 http://www.securityfocus.com/archive/1/539128/100/0/threaded http://www.securityfocus.com/bid/92324 http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.vmware.com/security/advisories/VMSA-2016-0010.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •