Filtered by vendor Vmware
Subscriptions
Filtered by product Cloud Foundation
Subscriptions
Total
102 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-12-20 | 6.8 Medium |
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | ||||
CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-37079 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-22280 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-11-21 | 8.5 High |
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | ||||
CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-11-21 | 9.9 Critical |
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | ||||
CVE-2023-34043 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2024-11-21 | 6.7 Medium |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||||
CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2024-11-21 | 6.1 Medium |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | ||||
CVE-2023-20880 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2024-11-21 | 6.7 Medium |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||||
CVE-2023-20879 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-11-21 | 6.7 Medium |
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | ||||
CVE-2023-20878 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-11-21 | 7.2 High |
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | ||||
CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2024-11-21 | 8.8 High |
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | ||||
CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-11-21 | 7.2 High |
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | ||||
CVE-2023-20864 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2024-11-21 | 9.8 Critical |
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | ||||
CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2024-11-21 | 5.3 Medium |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | ||||
CVE-2022-31700 | 2 Microsoft, Vmware | 4 Windows, Access, Cloud Foundation and 1 more | 2024-11-21 | 7.2 High |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | ||||
CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | 3.3 Low |
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | ||||
CVE-2022-31698 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.3 Medium |
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | ||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.5 Medium |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | 8.8 High |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | ||||
CVE-2022-31681 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | 6.5 Medium |
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. |