Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 97 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-12-13 | CVE-2022-31696 | VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | Cloud_foundation, Esxi | 8.8 | ||
| 2022-12-13 | CVE-2022-31697 | The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | Cloud_foundation, Vcenter_server | 5.5 | ||
| 2022-12-13 | CVE-2022-31698 | The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | Cloud_foundation, Vcenter_server | 5.3 | ||
| 2022-12-13 | CVE-2022-31699 | VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | Cloud_foundation, Esxi | 3.3 | ||
| 2022-12-14 | CVE-2022-31700 | VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | Access, Cloud_foundation, Identity_manager | 7.2 | ||
| 2022-12-14 | CVE-2022-31701 | VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | Access, Cloud_foundation, Identity_manager_connector | 5.3 | ||
| 2023-04-20 | CVE-2023-20864 | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | Aria_operations_for_logs, Cloud_foundation | 9.8 | ||
| 2023-04-20 | CVE-2023-20865 | VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | Aria_operations_for_logs, Cloud_foundation | 7.2 | ||
| 2023-05-12 | CVE-2023-20877 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | Cloud_foundation, Vrealize_operations | 8.8 | ||
| 2023-05-12 | CVE-2023-20878 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | Cloud_foundation, Vrealize_operations | 7.2 |