Vulnerabilities > Vmware > Cloud Foundation > 3.7.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-31696 Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket.
local
low complexity
vmware CWE-787
8.8
2022-12-13 CVE-2022-31698 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in the content library service.
network
low complexity
vmware
5.3
2022-12-13 CVE-2022-31699 Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7
VMware ESXi contains a heap-overflow vulnerability.
local
low complexity
vmware CWE-787
3.3
2022-10-28 CVE-2022-31678 XXE vulnerability in VMWare Cloud Foundation and NSX Data Center
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability.
network
low complexity
vmware CWE-611
critical
9.1
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
9.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
6.5
2022-04-13 CVE-2022-22958 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
vmware CWE-352
4.3
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
2022-04-13 CVE-2022-22961 Information Exposure vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information.
network
low complexity
vmware CWE-200
5.3