Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware cloud foundation vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-3992
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trig...
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Cloud Foundation
Vmware Esxi 7.0.0
2 Github repositories
1 Article
9.1
CVSSv3
CVE-2022-31678
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
Vmware Cloud Foundation
Vmware Nsx Data Center
9.1
CVSSv3
CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Vmware Identity Manager 3.3.1
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager Connector 3.3.1
Vmware Identity Manager Connector 3.3.2
Vmware One Access 20.01
Vmware One Access 20.10
Vmware Identity Manager Connector 3.3.3
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager
2 Articles
8.8
CVSSv3
CVE-2023-20877
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
Vmware Cloud Foundation
Vmware Vrealize Operations 8.10.0
Vmware Vrealize Operations 8.6.0
8.8
CVSSv3
CVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Cloud Foundation
Vmware Esxi 7.0
Vmware Cloud Foundation 4.4.1
Vmware Cloud Foundation 4.4.1.1
Vmware Cloud Foundation 4.4
Vmware Cloud Foundation 4.5
Vmware Cloud Foundation 4.76
Vmware Cloud Foundation 3.11
Vmware Cloud Foundation 3.10
Vmware Cloud Foundation 4.3.11
1 Article
8.8
CVSSv3
CVE-2021-22048
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
8.8
CVSSv3
CVE-2021-21974
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the he...
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0.0
5 Github repositories
4 Articles
8.8
CVSSv3
CVE-2019-19023
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
8.8
CVSSv3
CVE-2019-19025
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
8.5
CVSSv3
CVE-2021-39144
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the...
Xstream Project Xstream
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Commerce Guided Search 11.3.2
3 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »