VMware Cloud Foundation vulnerabilities
137 known vulnerabilities affecting vmware/cloud_foundation.
Total CVEs: 137
CISA KEV: 16 (actively exploited)
Public exploits: 13
Exploited in wild: 16
Severity breakdown
CRITICAL 20 | HIGH 65 | MEDIUM 49 | LOW 3
Vulnerabilities
Page 7 of 7
CVE-2020-3992 | CRITICAL | CVSS 9.8 | CWE-416 | KEV | ≥ 3.0, < 3.10.1.2; ≥ 4.0, < 4.1.0.1 | 2020-10-20
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code ex
nvd
CVE-2020-3994 | HIGH | CVSS 7.4 | CWE-295 | ≥ 3.0, < 3.9 | 2020-10-20
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCente
nvd
CVE-2020-3982 | HIGH | CVSS 7.7 | CWE-367 | ≥ 3.0, < 3.10.1; ≥ 4.0, < 4.1 | 2020-10-20
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit
nvd
CVE-2020-3981 | MEDIUM | CVSS 5.8 | CWE-125 | ≥ 3.0, < 3.10.1; ≥ 4.0, < 4.1 | 2020-10-20
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit
nvd
CVE-2020-3995 | MEDIUM | CVSS 5.3 | CWE-401 | ≥ 3.0, < 3.9 | 2020-10-20
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resourc
nvd
CVE-2020-3993 | MEDIUM | CVSS 5.9 | ≥ 3.0, < 3.10.1.1; ≥ 4.0, < 4.1 | 2020-10-20
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
nvd
CVE-2020-3976 | MEDIUM | CVSS 5.3 | CWE-400 | ≥ 3.0, < 3.10; ≥ 4.0, < 4.0.1 | 2020-08-21
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
nvd
CVE-2020-3968 | HIGH | CVSS 8.2 | CWE-787 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to
nvd
CVE-2020-3967 | HIGH | CVSS 7.5 | CWE-787 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerabilit
nvd
CVE-2020-3966 | HIGH | CVSS 7.5 | CWE-362 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit t
nvd
CVE-2020-3965 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained i
nvd
CVE-2020-3964 | MEDIUM | CVSS 4.7 | CWE-908 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained i
nvd
CVE-2020-3971 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 3.0, < 3.7.2 | 2020-06-25
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged
nvd
CVE-2020-3963 | MEDIUM | CVSS 5.5 | CWE-416 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in phy
nvd
CVE-2020-3970 | LOW | CVSS 3.8 | CWE-125 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-25
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enab
nvd
CVE-2020-3969 | HIGH | CVSS 7.8 | CWE-193 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-24
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to ex
nvd
CVE-2020-3962 | HIGH | CVSS 8.2 | CWE-416 | ≥ 3.0, < 3.10; ≥ 4.0.0, < 4.0.1 | 2020-06-24
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this
nvd