Vmware: Security Vulnerabilities
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-05-12
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
CVSS Score
7.2
EPSS Score
0.01
Published
2023-05-12
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-05-12
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-05-12
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVSS Score
8.2
EPSS Score
0.02
Published
2023-04-25
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVSS Score
6.0
EPSS Score
0.004
Published
2023-04-25
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
CVSS Score
7.8
EPSS Score
0.004
Published
2023-04-25
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
CVSS Score
8.8
EPSS Score
0.009
Published
2023-04-25
CVE-2023-29552
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
Known exploited
CVSS Score
7.5
EPSS Score
0.659
Published
2023-04-25
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
CVSS Score
9.8
EPSS Score
0.717
Published
2023-04-20