Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VmwareCloud Foundation3.0

71 matches found

cve
cveadded 2020/06/25 3:15 p.m.87 views

CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 ...

5.5CVSS6.1AI score0.00043EPSS
cve
cveadded 2021/09/23 1:15 p.m.87 views

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

7.5CVSS7.7AI score0.01065EPSS
cve
cveadded 2021/09/23 1:15 p.m.87 views

CVE-2021-22020

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

5.5CVSS7.1AI score0.00084EPSS
cve
cveadded 2021/09/23 12:15 p.m.86 views

CVE-2021-22007

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

5.5CVSS6.9AI score0.00073EPSS
cve
cveadded 2020/06/24 4:15 p.m.81 views

CVE-2020-3969

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a vi...

7.8CVSS7.8AI score0.00115EPSS
cve
cveadded 2020/06/24 5:15 p.m.79 views

CVE-2020-3962

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machi...

8.2CVSS8.1AI score0.00129EPSS
cve
cveadded 2020/10/20 5:15 p.m.76 views

CVE-2020-3995

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to t...

5.3CVSS6AI score0.0038EPSS
cve
cveadded 2022/02/04 11:15 p.m.76 views

CVE-2022-22939

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or m...

4.9CVSS4.9AI score0.0026EPSS
cve
cveadded 2020/06/25 3:15 p.m.74 views

CVE-2020-3966

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with lo...

7.5CVSS7.6AI score0.0011EPSS
cve
cveadded 2020/06/25 3:15 p.m.70 views

CVE-2020-3967

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a ...

7.5CVSS7.6AI score0.00142EPSS
cve
cveadded 2021/09/23 12:15 p.m.67 views

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

7.5CVSS7.4AI score0.00729EPSS
cve
cveadded 2020/06/25 3:15 p.m.66 views

CVE-2020-3970

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrativ...

3.8CVSS4.8AI score0.00084EPSS
cve
cveadded 2021/08/30 6:15 p.m.66 views

CVE-2021-22025

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

7.5CVSS7.5AI score0.00189EPSS
cve
cveadded 2021/08/30 6:15 p.m.64 views

CVE-2021-22024

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

7.5CVSS7.2AI score0.00273EPSS
cve
cveadded 2020/06/25 3:15 p.m.62 views

CVE-2020-3968

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local admin...

8.2CVSS8.1AI score0.00096EPSS
cve
cveadded 2021/08/30 6:15 p.m.61 views

CVE-2021-22023

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

7.2CVSS7AI score0.00324EPSS
cve
cveadded 2021/08/30 6:15 p.m.59 views

CVE-2021-22026

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.00253EPSS
cve
cveadded 2021/08/30 6:15 p.m.57 views

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

4.9CVSS5.9AI score0.00214EPSS
cve
cveadded 2021/08/30 6:15 p.m.57 views

CVE-2021-22027

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.00228EPSS
cve
cveadded 2020/10/20 5:15 p.m.53 views

CVE-2020-3993

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

5.9CVSS6.4AI score0.00318EPSS
cve
cveadded 2021/09/23 12:15 p.m.50 views

CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

7.5CVSS7.5AI score0.00656EPSS
Total number of security vulnerabilities71