Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vmware Subscribe
Filtered by product Cloud Foundation
Total 86 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21992 1 Vmware 2 Cloud Foundation, Vcenter Server 2022-07-12 6.8 MEDIUM 6.5 MEDIUM
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
CVE-2021-22008 1 Vmware 2 Cloud Foundation, Vcenter Server 2022-07-12 5.0 MEDIUM 7.5 HIGH
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
CVE-2020-3992 1 Vmware 2 Cloud Foundation, Esxi 2022-06-14 10.0 HIGH 9.8 CRITICAL
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
CVE-2021-21994 1 Vmware 2 Cloud Foundation, Esxi 2022-06-02 6.8 MEDIUM 9.8 CRITICAL
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
CVE-2021-21995 1 Vmware 2 Cloud Foundation, Esxi 2022-06-02 5.0 MEDIUM 7.5 HIGH
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
CVE-2021-21974 1 Vmware 2 Cloud Foundation, Esxi 2022-06-02 5.8 MEDIUM 8.8 HIGH
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
CVE-2022-22972 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-05-27 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-22973 2 Linux, Vmware 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more 2022-05-27 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2020-3964 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2022-05-03 1.9 LOW 4.7 MEDIUM
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
CVE-2020-3965 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2022-05-03 2.1 LOW 5.5 MEDIUM
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2022-22961 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-04-21 5.0 MEDIUM 5.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVE-2022-22960 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-04-21 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-22959 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-04-21 4.3 MEDIUM 4.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
CVE-2022-22958 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-04-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22957 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-04-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22948 1 Vmware 2 Cloud Foundation, Vcenter Server 2022-04-08 4.0 MEDIUM 6.5 MEDIUM
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVE-2021-22042 1 Vmware 2 Cloud Foundation, Esxi 2022-02-25 4.6 MEDIUM 7.8 HIGH
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
CVE-2021-22050 1 Vmware 2 Cloud Foundation, Esxi 2022-02-25 5.0 MEDIUM 7.5 HIGH
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
CVE-2021-22041 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2022-02-24 4.6 MEDIUM 6.7 MEDIUM
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2021-22040 1 Vmware 5 Cloud Foundation, Esxi, Fusion and 2 more 2022-02-24 4.6 MEDIUM 6.7 MEDIUM
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.