Vmware Security Vulnerabilities
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...
7.5CVSS
7.4AI Score
0.001EPSS
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit...
7.8CVSS
5.2AI Score
0.0004EPSS
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network...
5.3CVSS
5AI Score
0.0005EPSS
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle...
5.3CVSS
5.1AI Score
0.0004EPSS
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF.....
6.5CVSS
6.2AI Score
0.0005EPSS
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN...
7.5CVSS
7.7AI Score
0.003EPSS
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services...
7.5CVSS
8.3AI Score
0.001EPSS
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter...
9.8CVSS
9.7AI Score
0.003EPSS
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass...
9.8CVSS
9.5AI Score
0.002EPSS
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory...
9.8CVSS
9.3AI Score
0.002EPSS
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating...
9.8CVSS
9.7AI Score
0.002EPSS
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual...
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information...
6.1CVSS
5.9AI Score
0.0005EPSS
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to...
6.7CVSS
7.3AI Score
0.0004EPSS
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the...
7.2CVSS
7.8AI Score
0.001EPSS
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege...
8.8CVSS
8.9AI Score
0.001EPSS
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating...
6.7CVSS
7.3AI Score
0.0004EPSS
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual...
6CVSS
7AI Score
0.001EPSS
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual...
8.2CVSS
8.4AI Score
0.002EPSS
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device...
8.8CVSS
8.5AI Score
0.0004EPSS
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating...
7.8CVSS
8AI Score
0.0004EPSS
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as...
7.2CVSS
8.9AI Score
0.001EPSS
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as...
9.8CVSS
9.7AI Score
0.191EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of...
5.5CVSS
5.4AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data...
7.8CVSS
7.3AI Score
0.0004EPSS
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of...
6.5CVSS
6.4AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data...
7.1CVSS
6.6AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information...
7.8CVSS
7.5AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data...
7.1CVSS
6.6AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information...
7.1CVSS
6.4AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information...
7.1CVSS
6.4AI Score
0.0004EPSS
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data...
7.1CVSS
6.5AI Score
0.0004EPSS
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and...
5.5CVSS
5.5AI Score
0.0004EPSS
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified...
6.5CVSS
6.2AI Score
0.001EPSS
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS)...
4.8CVSS
4.8AI Score
0.001EPSS
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content...
6.8CVSS
6.4AI Score
0.001EPSS
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible...
8.8CVSS
8.7AI Score
0.002EPSS
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying...
7.2CVSS
7.1AI Score
0.001EPSS
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
5.3AI Score
0.0004EPSS
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is...
8.4CVSS
8.1AI Score
0.0004EPSS
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim...
8.8CVSS
8.7AI Score
0.001EPSS
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before...
8.8CVSS
8.3AI Score
0.002EPSS
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before...
8.8CVSS
8.3AI Score
0.002EPSS
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...
4.9CVSS
5.4AI Score
0.001EPSS
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...
7.2CVSS
7.2AI Score
0.002EPSS
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On...
8.2CVSS
8.4AI Score
0.0004EPSS
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without...
9.8CVSS
9.6AI Score
0.001EPSS
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...
5.3CVSS
6AI Score
0.001EPSS
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...
7.2CVSS
7.3AI Score
0.002EPSS