VMware

Cloud Foundation

126 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-21975

Warning Exploit
  • EPSS 94.42%
  • Published 31.03.2021 18:15:14
  • Last modified 12.03.2025 20:57:43

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrati...

8.5

CVE-2021-21983

Exploit
  • EPSS 83.18%
  • Published 31.03.2021 18:15:14
  • Last modified 21.11.2024 05:49:22

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the un...

8.8

CVE-2021-21974

Exploit
  • EPSS 48.35%
  • Published 24.02.2021 17:15:16
  • Last modified 21.11.2024 05:49:21

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427...

10

CVE-2021-21972

Warning Exploit
  • EPSS 93.74%
  • Published 24.02.2021 17:15:15
  • Last modified 02.04.2025 21:07:42

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operatin...

5.3

CVE-2021-21973

Warning
  • EPSS 89.05%
  • Published 24.02.2021 17:15:15
  • Last modified 28.03.2025 16:31:11

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request ...

9.1

CVE-2020-4006

Warning
  • EPSS 15.59%
  • Published 23.11.2020 22:15:12
  • Last modified 02.04.2025 20:22:15

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

8.2

CVE-2020-4004

  • EPSS 0.23%
  • Published 20.11.2020 20:15:13
  • Last modified 21.11.2024 05:32:08

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A maliciou...

7.8

CVE-2020-4005

  • EPSS 0.21%
  • Published 20.11.2020 20:15:13
  • Last modified 21.11.2024 05:32:09

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileg...

5.3

CVE-2020-3995

  • EPSS 0.38%
  • Published 20.10.2020 17:15:13
  • Last modified 21.11.2024 05:32:07

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor ...

5.8

CVE-2020-3981

  • EPSS 0.2%
  • Published 20.10.2020 17:15:12
  • Last modified 21.11.2024 05:32:06

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue i...