CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. vCenter Server contains a partial information disclosure vulnerability. A malicious ac... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 38%CPEs: 37EXPL: 0CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-34048
25 Oct 2023 — vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecuc... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20896
https://notcve.org/view.php?id=CVE-2023-20896
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an o... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20895
https://notcve.org/view.php?id=CVE-2023-20895
22 Jun 2023 — The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20894
https://notcve.org/view.php?id=CVE-2023-20894
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially craft... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
22 Jun 2023 — The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlyin... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
22 Jun 2023 — The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2022-31698
https://notcve.org/view.php?id=CVE-2022-31698
13 Dec 2022 — The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. vCenter Server contiene una vulnerabilidad de Denegación de Servicio (DoS) en el servicio de librería de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una con... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588 •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 1CVE-2022-31680
https://notcve.org/view.php?id=CVE-2022-31680
07 Oct 2022 — The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. El servidor vCenter contiene una vulnerabilidad de deserialización no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecuta... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5331 – VMware vSphere Hypervisor (ESXi) HTTP Response Injection
https://notcve.org/view.php?id=CVE-2016-5331
05 Aug 2016 — CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados. The SySS GmbH found out that the web server... • https://packetstorm.news/files/id/138211 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •