VMware

Cloud Foundation

126 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-38815

  • EPSS 0.13%
  • Veröffentlicht 09.10.2024 20:15:07
  • Zuletzt bearbeitet 10.10.2024 12:51:56

VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.

8.1

CVE-2024-22280

  • EPSS 1.41%
  • Veröffentlicht 11.07.2024 05:15:10
  • Zuletzt bearbeitet 14.03.2025 19:15:44

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

7.2

CVE-2024-37085

Warnung
  • EPSS 65.24%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 20.12.2024 16:52:43

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.c...

6.8

CVE-2024-37086

Warnung
  • EPSS 0.07%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 27.06.2025 13:39:14

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.

5.3

CVE-2024-37087

Warnung
  • EPSS 0.31%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 27.06.2025 13:39:54

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

7.8

CVE-2024-37081

  • EPSS 56.09%
  • Veröffentlicht 18.06.2024 06:15:11
  • Zuletzt bearbeitet 21.11.2024 09:23:09

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server A...

7.2

CVE-2024-22274

  • EPSS 61.45%
  • Veröffentlicht 21.05.2024 18:15:09
  • Zuletzt bearbeitet 27.06.2025 13:37:52

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

4.9

CVE-2024-22275

  • EPSS 7.25%
  • Veröffentlicht 21.05.2024 18:15:09
  • Zuletzt bearbeitet 27.06.2025 13:38:06

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

7.8

CVE-2024-22273

  • EPSS 0.22%
  • Veröffentlicht 21.05.2024 18:15:08
  • Zuletzt bearbeitet 26.03.2025 16:15:19

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service cond...

8.2

CVE-2024-22254

  • EPSS 0.41%
  • Veröffentlicht 05.03.2024 18:15:48
  • Zuletzt bearbeitet 07.05.2025 15:37:28

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.