Skip to main content

Cloud Foundation

121 CVEs product

Monthly

CVE-2021-22023 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-22022 MEDIUM PATCH This Month

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21995 HIGH This Week

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21994 CRITICAL Act Now

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Foundation ESXi
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-21986 CRITICAL Act Now

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2021-21985 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-21983 MEDIUM POC THREAT This Month

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
68.6%
CVE-2021-21975 HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
78.3%
CVE-2021-21973 MEDIUM POC KEV THREAT This Month

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
88.0%
CVE-2021-21972 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal VMware Cloud Foundation Vcenter Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-4006 CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager Identity Manager Connector One Access +2
NVD
CVSS 3.1
9.1
EPSS
23.8%
CVE-2020-4005 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4004 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption VMware Fusion +3
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-3995 MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi Cloud Foundation Workstation +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3994 HIGH PATCH This Week

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-3993 MEDIUM PATCH This Month

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Vmware Nsx T Data Center Cloud Foundation
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-3992 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption VMware Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
83.0%
CVE-2020-3982 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi Cloud Foundation Workstation +2
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2020-3981 MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure Cloud Foundation Workstation +2
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-3976 MEDIUM PATCH This Month

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation Vcenter Server ESXi
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-3971 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3970 LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Information Disclosure Cloud Foundation +3
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-3968 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3967 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-3966 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-3965 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-3964 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3963 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3962 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-3969 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-16919 HIGH PATCH This Week

Harbor API has a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Harbor Cloud Foundation Harbor Container Registry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Foundation +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware +2
NVD
EPSS 69% CVSS 6.5
MEDIUM POC THREAT This Month

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 78% CVSS 7.5
HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 88% CVSS 5.3
MEDIUM POC KEV THREAT This Month

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure VMware +2
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal VMware +2
NVD Exploit-DB
EPSS 24% CVSS 9.1
CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service VMware ESXi +3
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Cloud Foundation +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure VMware Vmware Nsx T Data Center +1
NVD
EPSS 83% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +3
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Buffer Overflow VMware ESXi +4
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 3.8
LOW Monitor

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Memory Corruption VMware +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure +4
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 1% CVSS 8.2
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow VMware Cloud Foundation +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Harbor API has a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Harbor Cloud Foundation +1
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy