Vulnerabilities > Vmware > Cloud Foundation > 3.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2021-22040 | Use After Free vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | 4.6 |
| 2022-02-16 | CVE-2021-22041 | Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | 4.6 |
| 2022-02-16 | CVE-2021-22050 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Cloud Foundation and Esxi ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. | 5.0 |
| 2022-02-16 | CVE-2022-22945 | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center VMware NSX Edge contains a CLI shell injection vulnerability. | 7.2 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |
| 2021-09-23 | CVE-2021-22007 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local information disclosure vulnerability in the Analytics service. | 2.1 |
| 2021-09-23 | CVE-2021-22008 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. | 5.0 |
| 2021-09-23 | CVE-2021-22009 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. | 5.0 |
| 2021-09-23 | CVE-2021-22012 | Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. | 5.0 |