Latest Vmware Vulnerabilities

CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
VMware Cloud Director>=10.4.0<10.5.1.1
CVE-2024-22241
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. ...
VMware Aria Operations for Networks>=6.0.0<=6.12.0
CVE-2024-22240
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. ...
VMware Aria Operations for Networks>=6.0.0<=6.12.0
CVE-2024-22239
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to ga...
VMware Aria Operations for Networks>=6.0.0<=6.12.0
CVE-2024-22238
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to imprope...
VMware Aria Operations for Networks>=6.0.0<=6.12.0
CVE-2024-22237
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to ga...
VMware Aria Operations for Networks>=6.0.0<=6.12.0
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there...
maven/org.springframework.security:spring-security-config>=5.7.9<=5.7.10
maven/org.springframework.security:spring-security-config>=5.8.4<=5.8.6
maven/org.springframework.security:spring-security-config>=6.0.4<=6.0.6
maven/org.springframework.security:spring-security-config>=6.1.1<=6.1.3
Vmware Spring Security>=5.8.4<5.8.7
Vmware Spring Security>=6.0.4<6.0.7
and 3 more
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary d...
maven/org.springframework.cloud:spring-cloud-contract-shade>=3.1.0<3.1.10
maven/org.springframework.cloud:spring-cloud-contract-shade>=4.0.0<4.0.5
maven/org.springframework.cloud:spring-cloud-contract-shade=4.1.0
Vmware Spring Cloud Contract>=3.1.0<3.1.10
Vmware Spring Cloud Contract>=4.0.0<4.0.5
Vmware Spring Cloud Contract=4.1.0
and 3 more
CVE-2024-22233
Spring Framework server Web DoS Vulnerability
maven/org.springframework:spring-core=6.0.15
maven/org.springframework:spring-core=6.1.2
VMware Spring Framework=6.0.15
VMware Spring Framework=6.1.2
CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
CVE-2023-34064
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
CVE-2023-35641
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
CVE-2023-41678
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
CVE-2023-33063
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
CVE-2023-33106
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
CVE-2023-33107
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
CVE-2023-34055
Spring Boot server Web Observations DoS Vulnerability
maven/org.springframework.boot:spring-boot>=3.1.0<3.1.6
maven/org.springframework.boot:spring-boot>=3.0.0<3.0.13
maven/org.springframework.boot:spring-boot<2.7.18
Vmware Spring Boot>=2.7.0<=2.7.17
Vmware Spring Boot>=3.0.0<=3.0.12
Vmware Spring Boot>=3.1.0<=3.1.5
and 6 more
CVE-2023-34053
Spring Framework server Web Observations DoS Vulnerability
VMware Spring Framework>=6.0.0<6.0.14
maven/org.springframework:spring-webmvc>=6.0.0<6.0.14
>=6.0.0<6.0.14
CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Clo...
VMware Cloud Director<10.5
Vmware Photon Os
VMware Cloud Director=10.5
VMware VCD Appliance=10.5
CVE-2023-31026
CVE
NVIDIA Virtual GPU<13.9
NVIDIA Virtual GPU>=14.0<15.4
NVIDIA Virtual GPU>=16.0<16.2
Canonical Ubuntu Linux
Citrix Hypervisor
Linux-kvm Kernel Virtual Machine
and 2 more
CVE-2023-31022
CVE
NVIDIA Virtual GPU<13.9
NVIDIA Virtual GPU>=14.0<15.4
NVIDIA Virtual GPU>=16.0<16.2
Microsoft Azure Stack Hci
Canonical Ubuntu Linux
Citrix Hypervisor
and 5 more
CVE-2023-31021
CVE
NVIDIA Virtual GPU<13.9
NVIDIA Virtual GPU>=14.0<15.4
NVIDIA Virtual GPU>=16.0<16.2
Microsoft Azure Stack Hci
Canonical Ubuntu Linux
Citrix Hypervisor
and 3 more
CVE-2023-31018
CVE
NVIDIA Virtual GPU<13.9
NVIDIA Virtual GPU>=14.0<15.4
NVIDIA Virtual GPU>=16.0<16.2
Microsoft Azure Stack Hci
Canonical Ubuntu Linux
Citrix Hypervisor
and 5 more
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim us...
VMware Workspace ONE UEM>=22.3.0.2<22.3.0.48
VMware Workspace ONE UEM>=22.6.0.1<22.6.0.36
VMware Workspace ONE UEM>=22.9.0.1<22.9.0.29
VMware Workspace ONE UEM>=22.12.0.1<22.12.0.20
VMware Workspace ONE UEM>=23.2.0.1<23.2.0.10
CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
VMware vCenter Server>=4.0<=5.5
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 32 more
CVE-2023-34048
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server>=4.0<=5.5
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 32 more
CVE-2023-34059
- File Descriptor Hijack vulnerability in open-vm-tools
Vmware Open Vm Tools>=11.0.0<=12.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
ubuntu/open-vm-tools<2:10.2.0-3~ubuntu0.16.04.1+
ubuntu/open-vm-tools<2:11.0.5-4ubuntu0.18.04.3+
and 7 more
CVE-2023-34058
- SAML Token Signature Bypass in open-vm-tools
ubuntu/open-vm-tools<2:10.2.0-3~ubuntu0.16.04.1+
ubuntu/open-vm-tools<2:11.0.5-4ubuntu0.18.04.3+
ubuntu/open-vm-tools<2:11.3.0-2ubuntu0~ubuntu20.04.7
ubuntu/open-vm-tools<2:12.1.5-3~ubuntu0.22.04.4
ubuntu/open-vm-tools<2:12.1.5-3ubuntu0.23.04.3
ubuntu/open-vm-tools<2:12.3.0-1ubuntu0.1
and 12 more
CVE-2023-46118
Denial of Service by publishing large messages over the HTTP API
debian/rabbitmq-server<=3.7.8-4<=3.8.9-3
Vmware Rabbitmq<3.11.24
Vmware Rabbitmq>=3.12.0<3.12.7
CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could se...
Vmware Rabbitmq Java Client<5.18.0
maven/com.rabbitmq:amqp-client<5.18.0
CVE-2023-34045
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder f...
VMware Fusion>=13.0.0<13.5
Apple Mac OS X
CVE-2023-34044
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtua...
VMware Workstation>=17.0.0<17.5
VMware Fusion>=13.0.0<13.5
Apple Mac OS X
CVE-2023-34046
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a ...
VMware Fusion>=13.0.0<13.5
Apple Mac OS X
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could resul...
VMware Aria Operations for Logs=4.0
VMware Aria Operations for Logs=5.0
VMware Aria Operations for Logs=8.10.2
VMware Aria Operations for Logs=8.12
CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can resul...
VMware Aria Operations for Logs=4.0
VMware Aria Operations for Logs=5.0
VMware Aria Operations for Logs=8.6
VMware Aria Operations for Logs=8.8
VMware Aria Operations for Logs=8.10
VMware Aria Operations for Logs=8.10.2
and 1 more
CVE-2023-34050
In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of da...
Vmware Spring Advanced Message Queuing Protocol>=1.0.0<2.4.16
Vmware Spring Advanced Message Queuing Protocol>=3.0.0<3.0.9
redhat/spring-amqp<2.7.17
redhat/spring-amqp<3.0.12
redhat/spring-amqp<3.1.5
redhat/spring-amqp<3.2.0
CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations=8.6.0
VMware Aria Operations=8.10.0
VMware Aria Operations=8.12.0
VMware Aria Operations=8.12.0-hotfix1
VMware Aria Operations=8.12.0-hotfix2
VMware Aria Operations=8.12.0-hotfix3
and 2 more
CVE-2023-34047
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap...
Vmware Spring For Graphql>=1.1.0<=1.1.5
Vmware Spring For Graphql>=1.2.0<=1.2.2
CVE-2023-20900
[Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)
debian/open-vm-tools<=2:12.2.5-1<=2:12.2.0-1<=2:11.2.5-2
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
VMware Tools>=10.3.0<12.3.0
Microsoft Windows
VMware Tools>=10.3.0<10.3.26
Linux Linux kernel
and 28 more
CVE-2023-20890
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbit...
VMware Aria Operations for Networks>=6.2.0<6.11.0
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks...
VMware Aria Operations for Networks>=6.2.0<6.11.0
>=6.2.0<6.11.0
CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to...
Vmware Spring For Apache Kafka>=2.8.1<=2.9.10
Vmware Spring For Apache Kafka>=3.0.0<=3.0.9
CVE-2023-20588
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Amd Epyc 7351p Firmware
Amd Epyc 7351p
Amd Epyc 7401p Firmware
Amd Epyc 7401p
and 349 more
CVE-2023-34037
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.
Vmware Horizon Client=2006
Vmware Horizon Client=2012
Vmware Horizon Client=2103
Vmware Horizon Client=2106
Vmware Horizon Client=2111
Vmware Horizon Client=2111.1
and 2 more
CVE-2023-34038
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
Vmware Horizon Client=2006
Vmware Horizon Client=2012
Vmware Horizon Client=2103
Vmware Horizon Client=2106
Vmware Horizon Client=2111
Vmware Horizon Client=2111.1
and 2 more
CVE-2023-20891
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A ma...
Vmware Isolation Segment>=2.11.0<2.11.35
Vmware Isolation Segment>=2.13.0<2.13.20
Vmware Isolation Segment>=3.0.0<3.0.13
Vmware Isolation Segment>=4.0.0<4.0.4
Vmware Tanzu Application Service For Virtual Machines>=2.11.0<2.11.42
Vmware Tanzu Application Service For Virtual Machines>=2.13.0<2.13.24
and 2 more
CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Vmware Spring Security>=5.6.0<5.6.12
Vmware Spring Security>=5.7.0<5.7.10
Vmware Spring Security>=5.8.0<5.8.5
Vmware Spring Security>=6.0.0<6.0.5
Vmware Spring Security>=6.1.0<6.1.2
maven/org.springframework.security:spring-security-config>=6.1.0<6.1.2
and 9 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203