18 results (0.073 seconds)

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 9.8EPSS: 4%CPEs: 37EXPL: 0

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC protocol. • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •