NotCVE - vendor:"Vmware" product:"Cloud Foundation" version:"4.4"

Page 2 of 30 results (0.001 seconds)

CVSS: 3.3EPSS: 0%CPEs: 285EXPL: 0

CVE-2022-31699

https://notcve.org/view.php?id=CVE-2022-31699

13 Dec 2022 — VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. VMware ESXi contiene una vulnerabilidad de desbordamiento del heap. Un actor local malicioso con privilegios restringidos dentro de un proceso de espacio aislado puede aprovechar este problema para lograr una divulgación parcial de información. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2022-31681

https://notcve.org/view.php?id=CVE-2022-31681

07 Oct 2022 — VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. VMware ESXi contiene una vulnerabilidad de deferencia de puntero null. Un actor malicioso con privilegios dentro del proceso VMX solamente, puede crear una condición de negación de servicio en el host • https://www.vmware.com/security/advisories/VMSA-2022-0025.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-22958

https://notcve.org/view.php?id=CVE-2022-22958

13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso ad... • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-22961

https://notcve.org/view.php?id=CVE-2022-22961

13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de divulgación de información debido a una devolución de información excesiva. Un actor malicioso con acceso r... • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-22959

https://notcve.org/view.php?id=CVE-2022-22959

13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross site request forgery. Un actor malicioso puede engañar a un usuario mediante un ataque de tipo cross site request forgery para que compruebe involuntariament... • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 47%CPEs: 13EXPL: 1

CVE-2022-22957 – VMware Workspace ONE Remote Code Execution

https://notcve.org/view.php?id=CVE-2022-22957

13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso ad... • https://packetstorm.news/files/id/171918 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 79%CPEs: 13EXPL: 5

CVE-2022-22960 – VMware Multiple Products Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2022-22960

13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Acce... • https://packetstorm.news/files/id/171935 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 0

CVE-2021-22016

https://notcve.org/view.php?id=CVE-2021-22016

23 Sep 2021 — The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. vCenter Server contiene una vulnerabilidad de tipo cross-site scripting vulnerability reflejado debido a una falta de saneo de entrada. Un atacante puede explotar este problema para ejecutar scripts maliciosos al engañar a la víctima para que haga clic en un enlace malicioso • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0

CVE-2021-22014

https://notcve.org/view.php?id=CVE-2021-22014

23 Sep 2021 — The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. vCenter Server contiene una vulnerabilidad de ejecución de código autenticado en VAMI (Virtual Appliance Management Infrastructure). Un usuario autenticado de VAMI con acceso de red al puerto 5480 en vCen... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2021-22013

https://notcve.org/view.php?id=CVE-2021-22013

23 Sep 2021 — The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. vCenter Server contiene una vulnerabilidad de salto de ruta de archivos que conlleva a una divulgación de información en la API de administración de dispositivos. Un actor malicioso con acceso de red al puerto 443 de vCenter Server puede explotar es... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1 2 3