Lucene search
K

206 matches found

CVE
CVE
added 2025/05/20 12:53 p.m.61 views

CVE-2025-41229

CVE-2025-41229 affects VMware Cloud Foundation and is a directory traversal vulnerability. A remote attacker on port 443 can exploit it to access internal services. The entry cites CVSS v3.1 base score 8.2 (High) with network access, no user interaction required. Public docs confirm the issue and...

8.2CVSS8.2AI score0.00642EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/20 12:53 p.m.14 views

CVE-2025-41229 VMware Cloud Foundation Directory Traversal Vulnerability

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...

8.2CVSS0.00642EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/20 12:53 p.m.1 views

CVE-2025-41229 VMware Cloud Foundation Directory Traversal Vulnerability

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...

8.2CVSS7.2AI score0.00642EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.4 views

PT-2025-22131 · Vmware · Vmware Cloud Foundation

Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to...

7.8CVSS6.1AI score0.00381EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.4 views

VMware Cloud Foundation 安全漏洞

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A directory traversal vulnerability exists in VMware Cloud Foundation, which stems from ...

8.2CVSS6.8AI score0.00642EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.5 views

PT-2025-22130 · Vmware · Vmware Cloud Foundation

Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain...

8.2CVSS9.2AI score0.00642EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.6 views

PT-2025-22132 · Vmware · Vmware Cloud Foundation

Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is related to a missing authorization vulnerability. A malicious actor with access to the VMware Cloud Foundation appliance may be able to perform certain...

7.3CVSS5.8AI score0.00157EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.4 views

VMware Cloud Foundation 安全漏洞

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation suffers from an authorization issue vulnerability that stems fro...

7.3CVSS6.9AI score0.00157EPSS
Exploits0References1
VMware
VMware
added 2025/05/20 12:0 a.m.21 views

VMSA-2025-0009 : VMware Cloud Foundation updates address multiple vulnerabilities (CVE-2025-41229, CVE-2025-41230, CVE-2025-41231)

Advisory ID: | VMSA-2025-0009 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.3-8.2 Synopsis: | VMware Cloud Foundation updates address multiple vulnerabilities CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 Issue date: | 2025-05-20 Updated on: | 2025-05-20 Initial Advisory CVEs |...

8.2CVSS7AI score0.00642EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.7 views

The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows a attacker to perform an SSRF attack.

The vulnerability of the VMware Aria Automation formerly vRealize Automation and VMware Cloud Foundation virtualization platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...

4.3CVSS5.5AI score0.00247EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/06 12:0 a.m.12 views

Vulnerability of the hypervisor in VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure—related to reading beyond the allowed range in memory, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure is related to reading data beyond the allowed range in memory...

7.1CVSS7.8AI score0.01676EPSS
Exploits0References2Affected Software2
Information Security Automation
Information Security Automation
added 2024/10/23 8:26 p.m.18 views

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again

On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerabilitywere released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. " VMware by Broadcom has determined that the...

9.8CVSS7.9AI score0.54143EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/10/22 7:3 a.m.24 views

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 CVSS score: 9.8, concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC...

9.8CVSS9.7AI score0.54143EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/07/22 12:0 a.m.8 views

The vulnerability of the disaster recovery mechanism for the VMware Cloud Director Availability, related to deficiencies in neutralizing special symbols, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the disaster recovery tool for VMware Cloud Director Availability relates to deficiencies in neutralizing special symbols. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks by injecting malicious HTML tags...

6.4CVSS5.5AI score0.00325EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/22 12:0 a.m.7 views

The vulnerability of the VMware Cloud Director platform, related to deficiencies in access control, allows a attacker to trigger a service failure.

The vulnerability of the VMware Cloud Director platform relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

6.1CVSS5.5AI score0.00369EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.7 views

The vulnerability of the VMware Cloud Director Object Storage Extension lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the VMware Cloud Director Object Storage Extension relates to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.3CVSS5.5AI score0.00203EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/04 2:15 p.m.55 views

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

6.4CVSS0.00325EPSS
Exploits0References1
OSV
OSV
added 2024/07/04 2:15 p.m.6 views

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

5.4CVSS5.9AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2024/07/04 1:21 p.m.112 views

CVE-2024-22277

CVE-2024-22277 affects VMware Cloud Director Availability. An HTML injection vulnerability allows a network-authenticated attacker to craft malicious HTML tags that execute within replication tasks. The issue is addressed by VMware in the 4.7.2 release; advisory indicates affected product lines i...

6.4CVSS6.8AI score0.00325EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/04 1:21 p.m.29 views

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

6.4CVSS7.5AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder