Cloud Foundation Security Vulnerabilities and Issues — Cloud Foundation CVE List

Lucene search

VmwareCloud Foundation

18 matches found

CVE•added 2024/06/25 3:15 p.m.•264 views

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active...

7.2CVSS7.4AI score0.53731EPSS

CVE•added 2024/03/05 6:15 p.m.•220 views

CVE-2024-22255

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

7.1CVSS7.7AI score0.03411EPSS

CVE•added 2024/03/05 6:15 p.m.•149 views

CVE-2024-22254

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

8.2CVSS8.6AI score0.00318EPSS

CVE•added 2024/05/21 6:15 p.m.•132 views

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

7.2CVSS8AI score0.56566EPSS

CVE•added 2024/01/16 10:15 a.m.•112 views

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor mayexploit this vulnerability leading to unauthorized access to remoteorganizations and workflows.

9.9CVSS8.1AI score0.00204EPSS

CVE•added 2024/03/05 6:15 p.m.•110 views

CVE-2024-22253

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitat...

9.3CVSS9.5AI score0.00061EPSS

CVE•added 2024/06/18 6:15 a.m.•108 views

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

7.8CVSS7.3AI score0.44165EPSS

CVE•added 2024/05/21 6:15 p.m.•100 views

CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a vi...

8.1CVSS7.1AI score0.00229EPSS

CVE•added 2024/05/21 6:15 p.m.•74 views

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

4.9CVSS6.6AI score0.07251EPSS

CVE•added 2024/07/11 5:15 a.m.•74 views

CVE-2024-22280

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

8.5CVSS8.3AI score0.00891EPSS

CVE•added 2024/06/25 3:15 p.m.•62 views

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. Amalicious actor with local administrative privileges on a virtualmachine with an existing snapshot may trigger an out-of-bounds readleading to a denial-of-service condition of the host.

6.8CVSS6.7AI score0.00046EPSS

CVE•added 2024/02/21 5:15 a.m.•59 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00045EPSS

CVE•added 2024/11/26 12:15 p.m.•53 views

CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

7.8CVSS7.9AI score0.00032EPSS

CVE•added 2024/11/26 12:15 p.m.•49 views

CVE-2024-38832

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

7.1CVSS6.5AI score0.00314EPSS

CVE•added 2024/11/26 12:15 p.m.•47 views

CVE-2024-38834

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.5CVSS6.1AI score0.00246EPSS

CVE•added 2024/11/26 12:15 p.m.•46 views

CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.8CVSS6.3AI score0.00163EPSS

CVE•added 2024/11/26 12:15 p.m.•45 views

CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.

7.8CVSS8AI score0.00254EPSS

CVE•added 2024/06/25 3:15 p.m.•42 views

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

5.3CVSS6.9AI score0.00615EPSS