CVE-2021-21972

CVE-2021-21972 is an unauthenticated remote code execution in VMware vCenter Server via the vROPS vropsplugin UI, triggered by uploading a crafted archive to /ui/vropspluginui/rest/services/uploadova. Affected: vCenter Server 6.5/6.7/7.0 (including Cloud Foundation 4.x/3.x). Impact is arbitrary f...

CVE-2021-21985

CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...

CVE-2022-22954

CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...

CVE-2020-3992

CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....

CVE-2020-4006

CVE-2020-4006 (VMware) is a remote command-injection flaw in VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. A attacker with network access to the administrative configurator (port 8443) and valid credentials could execute commands with unrestricte...

CVE-2021-22005

CVE-2021-22005 affects VMware vCenter Server via an arbitrary file upload vulnerability in the Analytics service. With network access to port 443, an attacker can upload a crafted file to trigger remote code execution. Public PoCs and exploits exist (e.g., VM attack surfaces and multiple advisori...

CVE-2022-22960

CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...

CVE-2021-21975

CVE-2021-21975 (vROps SSRF) affects VMware vRealize Operations Manager API prior to 8.4. An attacker with network access can abuse SSRF via /casa/nodes/thumbprints to read internal resources and steal administrative credentials; when combined with CVE-2021-21983 (post-auth file write) this chain ...

CVE-2021-21973

CVE-2021-21973 is a VMware vSphere Client (HTML5) SSRF vulnerability in which URL validation for a vCenter Server plugin is improper, allowing an attacker with network access to port 443 to trigger information disclosure via a crafted POST to the vulnerable endpoint. Affected products/versions in...

CVE-2021-21974

CVE-2021-21974 is a heap-based overflow in VMware ESXi’s OpenSLP service that can enable remote code execution when an attacker on the same network segment can reach port 427. Affected releases include ESXi 7.x (before ESXi70U1c-17325551), ESXi 6.7 (before 202102401-SG), and ES6.5 (before 2021021...

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

CVE-2025-22224

CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...

CVE-2024-38812

CVE-2024-38812 : VMware vCenter Server is affected by a heap-based buffer overflow in the DCERPC protocol. A remote attacker with network access can trigger code execution by sending a specially crafted network packet. The CVE is tracked across multiple advisories and has several patched / update...

CVE-2025-22225

CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...

CVE-2021-21983

CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...

CVE-2024-37085

CVE-2024-37085 affects VMware ESXi via an authentication bypass in domain-joined configurations. An actor with sufficient AD permissions can gain full admin access by re-creating a configured AD group (commonly named ESXi Admins or ESX Admins) after deletion. Multiple sources note exploitation ac...

CVE-2021-22045

The CVE-2021-22045 vulnerability is a heap overflow in CD-ROM device emulation affecting multiple VMware products: ESXi (versions 6.5, 6.7, 7.0), Workstation (16.x up to 16.2.0), and Fusion (12.x up to 12.2.0). The underlying issue is a heap overflow in the CD-ROM device emulation, which could en...

CVE-2026-41722

CVE-2026-41722 is a stored cross-site scripting vulnerability affecting VMware Cloud Foundation Operations and related products. The NVD/Broadcom advisory describes that a malicious actor with privileges to create policies, views, or text-widgets can inject scripts to perform administrative actio...

CVE-2024-38813

CVE-2024-38813 : Privilege-escalation in VMware vCenter Server. A remote attacker with network access could trigger a flaw by sending a specially crafted packet to escalate to root. NVD lists CVSS v3.1 base score 9.8 (CRITICAL) with network access, no user interaction. Related documents also desc...

CVE-2022-22948

CVE-2022-22948 affects VMware vCenter Server and is caused by improper default/file permissions that allow non-administrative access to disclose sensitive information. Public sources document VMSA-2022-0009, listing affected versions: vCenter 6.5 up to 6.5U3r, 6.7 up to 6.7U3p, and 7.0 up to 7.0U...

CVE-2022-22972

CVE-2022-22972 is an authentication bypass affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. A malicious actor with network access to the UI could obtain administrative access without authentication. Public materials (CVEs, vendor advisories) confirm affected produ...

CVE-2022-22957

Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...

CVE-2022-22973

CVE-2022-22973 is a local privilege escalation affecting VMware Workspace ONE Access and VMware Identity Manager. The root cause is improper permissions/handling in support scripts, permitting an attacker with local access to escalate to root. Affected product lines include Workspace ONE Access a...

CVE-2021-22040

Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...

CVE-2024-22255

CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access inside a guest VM can leak memory from the VMX process, potentially exposing sensitive data. The issue is documented wi...

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

CVE-2024-37079

CVE-2024-37079 is a VMware vCenter Server DCERPC heap-out-of-bounds/write vulnerability with remote code execution potential when a network-accessible vCenter receives crafted packets. Affected component: vCenter Server (DCERPC workflow). Root cause: heap overflow/out-of-bounds write in the DCERP...

CVE-2021-22050

CVE-2021-22050 is a slow HTTP POST denial-of-service vulnerability in ESXi's rhttpproxy. Exploitation requires network access to ESXi and can overwhelm the service to cause DoS. Connected sources (Red Hat CVE page) confirm the same description. VMware’s VMSA-2022-0004 is the remediation advisory ...

CVE-2020-4004

CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...

CVE-2021-21980

CVE-2021-21980 affects the vSphere Web Client (FLEX/Flash) in VMware vCenter Server, enabling an unauthorized arbitrary file read via network access to port 443. Public documentation confirms path traversal/vfile-read behavior with high impact (CVE-2021-21980; CVSSv3.1 base 7.5). Affected product...

CVE-2021-21994

CVE-2021-21994 affects VMware ESXi via SFCB authentication bypass. A remote attacker with network access to port 5989 can bypass SFCB authentication by a crafted request. VMware's VMSA-2021-0014 provides patched versions: ESXi 7.0 (ESXi70U2-17630552), ESXi 6.7 (ESXi670-202103101-SG), and ESXi 6.5...

CVE-2022-31696

CVE-2022-31696 is a memory‑corruption flaw in VMware ESXi related to how a network socket is handled. A local, authenticated attacker could exploit this to escape the ESXi sandbox. Affected: ESXi (versions referenced in connected docs). Impact: potential memory corruption with high severity. Miti...

CVE-2019-16919

Harbor/CNCF Harbor API contains a Broken Access Control vulnerability (CVE-2019-16919). It can allow a project administrator to create a robot account with unauthorized push/pull permissions in a project they should not control. Affected components include Harbor API within Harbor Container Regis...

CVE-2022-22959

CVE-2022-22959 affects VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation. The vulnerability is a Cross-Site Request Forgery (CSRF) that can trick a logged-in user into unknowingly validating a malicious JDBC URI, as described in the VMSA-2022-0011 advisory. This mode s...

CVE-2023-34063

VMware Aria Automation (formerly vRealize Automation) is affected by CVE-2023-34063 due to a Missing Access Control flaw. An authenticated attacker could gain unauthorized access to remote organizations and workflows. The vulnerability affects Aria Automation prior to fixed builds; no exploit det...

CVE-2022-22982

CVE-2022-22982 is a server-side request forgery (SSRF) vulnerability in VMware vCenter Server. With network access to port 443, an attacker can cause the server to fetch a URL outside vCenter or access an internal service. The issue affects vCenter Server 6.5 (up to 6.5 U3t), 6.7 (up to 6.7 U3r),...

CVE-2021-21986

Summary: CVE-2021-21986 affects the vSphere Client (HTML5) by exploiting a flaw in the vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote attacker who can reach port 443 on vCenter ...

CVE-2022-22961

CVE-2022-22961 affects VMware products including Workspace ONE Access, Identity Manager and vRealize Automation. The issue is an information-disclosure fault caused by returning excess data, enabling a remote attacker to leak the target’s hostname. The vulnerability is exploitable remotely and co...

CVE-2025-22220

CVE-2025-22220 affects VMware Aria Operations for Logs. A privilege-escalation vulnerability allows a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. The issue is part of a set...

CVE-2024-22254

CVE-2024-22254 : VMware ESXi contains an out-of-bounds write vulnerability in the VMX sandbox process. A local, privileged attacker within a VMX context could trigger the write and escape the sandbox, potentially impacting the host. Public details confirm the issue affects ESXi (and related VMwar...

CVE-2024-37081

CVE-2024-37081 affects VMware vCenter Server (vCenter Server Appliance). A misconfiguration of sudo enables a local authenticated user with non-admin privileges to escalate to root. IBM’s bulletin ties this to vCenter Server variants in IBM Cloud Pak System and lists the remediation path: upgrade...

CVE-2021-22015

This CVE affects VMware vCenter Server (vCenter Appliance) and describes local privilege escalation due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. An authenticated local user in the cis group can write to this file and cause vmware-vmon to run as root, elevating p...

CVE-2022-31697

CVE-2022-31697 is an information disclosure vulnerability in VMware vCenter Server where credentials are logged in plaintext during operations on the vCenter Appliance ISO (Install/Upgrade/Migrate/Restore). The underlying issue enables a local attacker who has access to the workstation invoking t...

CVE-2022-31699

CVE-2022-31699 is a heap-overflow in VMware ESXi. A local authenticated attacker within a sandbox may disclose partial information from memory. Affected: ESXi runtimes; root cause is a heap-based overflow. Remediation in documents points to applying VMware VMSA-2022-0030 fixes (updating ESXi to f...

CVE-2020-3981

CVE-2020-3981 affects VMware products (ESXi, Workstation, Fusion) with an out-of-bounds read caused by a TOCTOU in the ACPI device. An attacker with VM-level admin access can leak memory from the vmx process. CVE-2020-3982 is a related out-of-bounds write in the same ACPI TOCTOU path, potentially...

CVE-2022-22945

CVE-2022-22945 affects VMware NSX Data Center for vSphere (NSX-V) in the NSX Edge appliance. A CLI shell injection exists that allows a user with SSH access to an NSX-Edge appliance to execute arbitrary commands as root on the underlying OS (local privilege escalation). Reported cause: improper i...

CVE-2020-4005

CVE-2020-4005 affects VMware ESXi 7.0 (before ESXi70U1b-17168206), 6.7 (before ESXi670-202011101-SG), and 6.5 (before ESXi650-202011301-SG). The issue is a privilege-escalation flaw in how certain system calls are managed, allowing a malicious actor with privileges inside the VMX process to escal...

CVE-2024-22274

VMware vCenter Server CVE-2024-22274 is an authenticated RCE that requires an admin on the vCenter appliance shell to run arbitrary OS commands. Public IBM Red Hat and other advisories confirm the issue and severity (CVSS 7.2, High) with a path to remediation: upgrade vCenter to a fixed release (...

CVE-2021-21993

CVE-2021-21993 describes a Server-Side Request Forgery (SSRF) in VMware vCenter Server Content Library. An authorised user with content library access can trigger a POST request to vCenter Server, causing information disclosure. Affected ecosystem includes VMware vCenter Server versions vulnerabl...

CVE-2021-22009

CVE-2021-22009 affects VMware vCenter Server via VAPI, enabling a remote attacker to trigger a DoS through excessive memory consumption in the VAPI service when accessing port 443. Public sources (NVD/Red Hat CNVD) describe multiple memory‑exhaustion DoS vulnerabilities in VAPI/VAPI endpoints. Th...