Cloud Foundation Security Vulnerabilities and Issues — Cloud Foundation CVE List

Lucene search

VmwareCloud Foundation

17 matches found

CVE•added 2022/03/29 6:15 p.m.•234 views

CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

6.5CVSS6.3AI score0.11504EPSS

CVE•added 2022/02/16 5:15 p.m.•221 views

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

6.7CVSS7.2AI score0.0163EPSS

CVE•added 2022/02/16 5:15 p.m.•209 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

6.7CVSS7.1AI score0.01396EPSS

CVE•added 2021/09/23 12:15 p.m.•136 views

CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...

6.5CVSS7AI score0.00233EPSS

CVE•added 2021/09/22 7:15 p.m.•113 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service...

6.8CVSS7.8AI score0.00485EPSS

CVE•added 2021/09/23 1:15 p.m.•98 views

CVE-2021-22016

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

6.1CVSS6.5AI score0.01235EPSS

CVE•added 2023/05/30 4:15 p.m.•86 views

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

6.1CVSS5.9AI score0.0027EPSS

CVE•added 2022/10/07 9:15 p.m.•71 views

CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

6.5CVSS6.8AI score0.00093EPSS

CVE•added 2021/09/23 1:15 p.m.•67 views

CVE-2021-22018

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

6.5CVSS6.7AI score0.00537EPSS

CVE•added 2024/06/25 3:15 p.m.•61 views

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. Amalicious actor with local administrative privileges on a virtualmachine with an existing snapshot may trigger an out-of-bounds readleading to a denial-of-service condition of the host.

6.8CVSS6.7AI score0.00046EPSS

CVE•added 2024/02/21 5:15 a.m.•59 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00045EPSS

CVE•added 2023/09/27 3:18 p.m.•57 views

CVE-2023-34043

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00039EPSS

CVE•added 2023/05/12 9:15 p.m.•56 views

CVE-2023-20880

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS7.3AI score0.00041EPSS

CVE•added 2025/06/04 8:15 p.m.•55 views

CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

6.9CVSS5.6AI score0.00039EPSS

CVE•added 2023/05/12 9:15 p.m.•54 views

CVE-2023-20879

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

6.7CVSS7.3AI score0.00045EPSS

CVE•added 2024/11/26 12:15 p.m.•47 views

CVE-2024-38834

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.5CVSS6.1AI score0.00246EPSS

CVE•added 2024/11/26 12:15 p.m.•46 views

CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.8CVSS6.3AI score0.00163EPSS