VMware

Cloud Foundation

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2025-41238

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 15.07.2025 18:34:48
  • Zuletzt bearbeitet 15.07.2025 20:07:28

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit t...

9.3

CVE-2025-41237

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 15.07.2025 18:34:21
  • Zuletzt bearbeitet 15.07.2025 20:07:28

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this iss...

9.3

CVE-2025-41236

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 15.07.2025 18:34:12
  • Zuletzt bearbeitet 15.07.2025 20:07:28

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this i...

4.3

CVE-2025-41228

Medienbericht
  • EPSS 6.01%
  • Veröffentlicht 20.05.2025 14:24:34
  • Zuletzt bearbeitet 21.05.2025 20:25:16

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to...

5.5

CVE-2025-41227

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 20.05.2025 14:24:29
  • Zuletzt bearbeitet 21.05.2025 20:25:16

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory o...

6.8

CVE-2025-41226

Medienbericht
  • EPSS 0.13%
  • Veröffentlicht 20.05.2025 14:24:24
  • Zuletzt bearbeitet 21.05.2025 20:25:16

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to cre...

8.8

CVE-2025-41225

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 20.05.2025 14:24:17
  • Zuletzt bearbeitet 21.05.2025 20:25:16

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.

7.3

CVE-2025-41231

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 20.05.2025 13:15:48
  • Zuletzt bearbeitet 12.06.2025 16:22:47

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

7.5

CVE-2025-41230

Medienbericht
  • EPSS 0.39%
  • Veröffentlicht 20.05.2025 13:15:47
  • Zuletzt bearbeitet 21.05.2025 20:25:16

VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.

8.2

CVE-2025-41229

Medienbericht
  • EPSS 2.11%
  • Veröffentlicht 20.05.2025 13:15:47
  • Zuletzt bearbeitet 21.05.2025 20:25:16

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.