Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 125 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-04 | CVE-2025-22243 | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | Vmware_nsx, Cloud_foundation, Telco_cloud_infrastructure, Telco_cloud_platform | N/A | ||
| 2025-06-04 | CVE-2025-22244 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | Vmware_nsx, Cloud_foundation, Telco_cloud_infrastructure, Telco_cloud_platform | N/A | ||
| 2025-06-04 | CVE-2025-22245 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | Vmware_nsx, Cloud_foundation, Telco_cloud_infrastructure, Telco_cloud_platform | N/A | ||
| 2025-05-13 | CVE-2025-22249 | VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | Aria_automation, Cloud_foundation, Telco_cloud_platform | N/A | ||
| 2024-05-21 | CVE-2024-22274 | The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. | Cloud_foundation, Vcenter_server | N/A | ||
| 2024-05-21 | CVE-2024-22275 | The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | Cloud_foundation, Vcenter_server | N/A | ||
| 2024-06-25 | CVE-2024-37086 | VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host. | Cloud_foundation, Esxi | N/A | ||
| 2024-06-25 | CVE-2024-37087 | The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. | Cloud_foundation, Vcenter_server | N/A | ||
| 2024-01-16 | CVE-2023-34063 | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | Aria_automation, Cloud_foundation | 8.3 | ||
| 2024-06-18 | CVE-2024-37081 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. | Cloud_foundation, Vcenter_server | N/A |