Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 99 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-20 | CVE-2020-3994 | VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. | Cloud_foundation, Vcenter_server | 7.4 | ||
| 2020-11-20 | CVE-2020-4005 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) | Cloud_foundation, Esxi | 7.8 | ||
| 2020-11-20 | CVE-2020-4004 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | Cloud_foundation, Esxi, Fusion, Workstation | 8.2 | ||
| 2021-02-24 | CVE-2021-21974 | OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. | Cloud_foundation, Esxi | 8.8 | ||
| 2021-03-31 | CVE-2021-21983 | Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | Cloud_foundation, Vrealize_operations_manager, Vrealize_suite_lifecycle_manager | 6.5 | ||
| 2021-05-26 | CVE-2021-21986 | The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. | Cloud_foundation, Vcenter_server | 9.8 | ||
| 2021-07-13 | CVE-2021-21994 | SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request. | Cloud_foundation, Esxi | 9.8 | ||
| 2021-07-13 | CVE-2021-21995 | OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. | Cloud_foundation, Esxi | 7.5 | ||
| 2021-08-30 | CVE-2021-22022 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. | Cloud_foundation, Vrealize_operations_manager, Vrealize_suite_lifecycle_manager | 4.9 | ||
| 2021-08-30 | CVE-2021-22023 | The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | Cloud_foundation, Vrealize_operations_manager, Vrealize_suite_lifecycle_manager | 7.2 |