Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vcenter_server
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-22 | CVE-2023-20893 | The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | Vcenter_server | 9.8 | ||
| 2023-06-22 | CVE-2023-20894 | The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | Vcenter_server | 9.8 | ||
| 2023-06-22 | CVE-2023-20895 | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | Vcenter_server | 9.8 | ||
| 2023-06-22 | CVE-2023-20896 | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22015 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | Cloud_foundation, Vcenter_server | 7.8 | ||
| 2021-11-10 | CVE-2021-22048 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | Cloud_foundation, Vcenter_server | 8.8 | ||
| 2022-12-13 | CVE-2022-31697 | The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | Cloud_foundation, Vcenter_server | 5.5 | ||
| 2022-10-07 | CVE-2022-31680 | The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | Vcenter_server | 9.1 | ||
| 2022-07-13 | CVE-2022-22982 | The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2020-04-10 | CVE-2020-3952 | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | Vcenter_server | 9.8 |