CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC protocol. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •
CVE-2023-20896
https://notcve.org/view.php?id=CVE-2023-20896
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-125: Out-of-bounds Read •
CVE-2023-20895
https://notcve.org/view.php?id=CVE-2023-20895
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •
CVE-2023-20894
https://notcve.org/view.php?id=CVE-2023-20894
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •