CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server...

CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server...

CVE-2023-20892 VMware vCenter Server heap-overflow vulnerability

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating...

CVE-2023-20892

VMware vCenter Server is affected by CVE-2023-20892, a DCERPC-based heap overflow in the remote procedure call handling. Talos’ TALOS-2023-1801 report confirms a heap overflow in the DCERPC call processing of vCenter Server 7.0.3.01000 (and related components such as vmcad, vmdird, vmafdd) that c...

CVE-2023-20892 VMware vCenter Server heap-overflow vulnerability

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating...

VMware vCenter Server 缓冲区错误漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

VMware vCenter Server 缓冲区错误漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

VMware vCenter Server 缓冲区错误漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code be able to execute arbitrary code on the underlying system. The malicious party does not need to have prior authentication to do this...

PT-2023-3414 · Vmware · Vmware Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server affected versions not specified Description: The issue is caused by a memory corruption vulnerability in the implementation of the DCERPC protocol. This vulnerability can be exploited by a malicious actor with network...

PT-2023-3750 · Vmware · Vmware Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server affected versions not specified Description: The issue is related to an out-of-bounds read vulnerability in the implementation of the DCERPC protocol in VMware vCenter Server. A malicious actor with network access to...

PT-2023-3412 · Vmware · Vmware Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server affected versions not specified Description: The issue is related to a use-after-free vulnerability in the implementation of the DCERPC protocol. This vulnerability can be exploited by a malicious actor with network acce...

PT-2023-3644 · Vmware · Vmware Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server affected versions not specified Description: The issue is caused by a buffer overflow in the memory of the DCERPC protocol implementation in VMware vCenter Server. This can be exploited by a remote attacker to cause a...

PT-2023-3224 · Vmware · Vmware Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server affected versions not specified Description: The issue is related to a heap overflow vulnerability in the implementation of the DCERPC protocol in VMware vCenter Server. This vulnerability can be exploited by a malicious...

VMSA-2023-0014:VMware vCenter Server updates address multiple memory corruption vulnerabilities

Advisory ID: VMSA-2023-0014 CVSSv3 Range: 5.9 - 8.1 Issue Date:2023-06-22 Updated On: 2023-06-22 Initial Advisory CVEs: CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896 Synopsis: VMware vCenter Server updates address multiple memory corruption vulnerabilities...

SUSE CVE-2015-2342

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol...

The vulnerability of the software component responsible for processing resource bundles in VMware vCenter Server allows a attacker to cause a service failure.

The vulnerability of the resource bundle processor in the software that manages virtual infrastructure such as VMware vCenter Server relates to the execution of a cycle without sufficient restrictions on its frequency of execution. Exploiting this vulnerability could allow an attacker, operating...

VMware vCenter Server 6.5 < 6.5 U3u / 6.7 < 6.7.0 U3s / 7.0 < 7.0 U3i Multiple Vulnerabilities (VMSA-2022-0030)

The version of VMware vCenter Server installed on the remote host is affected by multiple vulnerabilities, as follows: - An information disclosure vulnerability due to plaintext logging of credentials. CVE-2022-31697 - A denial of service DoS vulnerability in the content library service...

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header...

CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation Install/Upgrade/Migrate/Restore can access plaintext passwords used during that...