CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. Recent assessments: ccondon-r7 at January 19, 2024...

Vulnerabilities fixed in VMware vCenter Server

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to be able to execute arbitrary code on the underlying system. VMware has released updates to fix the vulnerabilities in vCenter Server. For more informatio...

PT-2023-6425 · Vmware · Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: vCenter Server versions affected versions not specified Description: The issue is related to a partial information disclosure vulnerability in vCenter Server. It may allow a malicious actor with non-administrative privileges to access...

PT-2023-6424

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to October 2023 Description VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may...

VMSA-2023-0023:VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities

Advisory ID: VMSA-2023-0023.1 CVSSv3 Range: 4.3-9.8 Issue Date:2023-10-25 Updated On: 2024-01-17 CVEs: CVE-2023-34048, CVE-2023-34056 Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities CVE-2023-34048, CVE-2023-34056 RSS Feed Download PDF...

PT-2023-4654

Name of the Vulnerable Software and Affected Versions VMware Tools affected versions not specified Description The issue is related to a SAML token signature bypass vulnerability in VMware Tools. A malicious actor with man-in-the-middle MITM network positioning between vCenter server and the...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a attacker to cause a service failure.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, such as VMware vCenter Server, is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a attacker to cause service failures or execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

VMWare vCenter Server DCERPC association groups use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1799 VMWare vCenter Server DCERPC association groups use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-20893 SUMMARY A use-after-free vulnerability exists in the library supporting DCERPC functionality in VMWare vCenter Server 7.0.3.01000. A seri...

VMWare vCenter Server DCERPC presentation result list out of bounds memory access

Talos Vulnerability Report TALOS-2023-1800 VMWare vCenter Server DCERPC presentation result list out of bounds memory access July 13, 2023 CVE Number CVE-2023-20896 SUMMARY An out of bounds memory access vulnerability exists in the processing of packets containing presentation result lists in...

VMware vCenter Server DCERPC save_sec_fragment out-of-bounds pointer vulnerability

Talos Vulnerability Report TALOS-2023-1740 VMware vCenter Server DCERPC savesecfragment out-of-bounds pointer vulnerability July 13, 2023 CVE Number CVE-2023-20895 SUMMARY A memory corruption vulnerability with a potential for authentication bypass exists in the DCERPC service as used by VMware...

VMware DCERPC call request uninitialized memory heap overflow vulnerability

Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...

VMware vCenter Server 7.0 < 7.0 U3m / 8.0 < 8.0 U1b Multiple Vulnerabilities (VMSA-2023-0014)

The version of vCenter Server installed on the remote host is 7.0 prior to 7.0 U3m or 8.0 prior to 8.0 U1b. It is, therefore, affected by multiple vulnerabilities, as follows: - A heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a perpetrator to execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, arises due to a buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

VMware Releases Security Update for vCenter Server and Cloud Foundation

VMware has released a security update to address multiple memory corruption vulnerabilities in vCenter Server and Cloud Foundation. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...

CVE-2023-20896

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services...

CVE-2023-20896

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services...

Out-of-bounds

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services...

CVE-2023-20895

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication...

CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server...