VMware

Cloud Foundation

135 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-38833

  • EPSS 0.23%
  • Veröffentlicht 26.11.2024 12:15:18
  • Zuletzt bearbeitet 14.05.2025 16:36:49

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

4.8

CVE-2024-38834

  • EPSS 0.38%
  • Veröffentlicht 26.11.2024 12:15:18
  • Zuletzt bearbeitet 14.05.2025 16:36:45

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations...

6.7

CVE-2024-38817

  • EPSS 0.09%
  • Veröffentlicht 09.10.2024 20:15:08
  • Zuletzt bearbeitet 10.10.2024 12:51:56

VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.

6.7

CVE-2024-38818

  • EPSS 0.14%
  • Veröffentlicht 09.10.2024 20:15:08
  • Zuletzt bearbeitet 10.10.2024 12:51:56

VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.

4.3

CVE-2024-38815

  • EPSS 0.36%
  • Veröffentlicht 09.10.2024 20:15:07
  • Zuletzt bearbeitet 10.10.2024 12:51:56

VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.

9.8

CVE-2024-38813

Warnung
  • EPSS 31.19%
  • Veröffentlicht 17.09.2024 18:15:04
  • Zuletzt bearbeitet 31.10.2025 15:56:53

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

9.8

CVE-2024-38812

Warnung
  • EPSS 78.81%
  • Veröffentlicht 17.09.2024 18:15:03
  • Zuletzt bearbeitet 31.10.2025 15:57:11

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially l...

8.1

CVE-2024-22280

  • EPSS 1.91%
  • Veröffentlicht 11.07.2024 05:15:10
  • Zuletzt bearbeitet 14.03.2025 19:15:44

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

7.2

CVE-2024-37085

Warnung
  • EPSS 74.84%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 30.10.2025 19:52:34

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.c...

6.8

CVE-2024-37086

Warnung
  • EPSS 0.07%
  • Veröffentlicht 25.06.2024 15:15:12
  • Zuletzt bearbeitet 27.06.2025 13:39:14

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.