CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. vCenter Server contains a partial information disclosure vulnerability. A malicious ac... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 91%CPEs: 37EXPL: 0CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-34048
25 Oct 2023 — vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecuc... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20896
https://notcve.org/view.php?id=CVE-2023-20896
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an o... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20895
https://notcve.org/view.php?id=CVE-2023-20895
22 Jun 2023 — The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 47%CPEs: 33EXPL: 0CVE-2023-20894
https://notcve.org/view.php?id=CVE-2023-20894
22 Jun 2023 — The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially craft... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 33EXPL: 0CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
22 Jun 2023 — The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlyin... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 33EXPL: 0CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
22 Jun 2023 — The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
16 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •