cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-22215,https://securityvulnerability.io/vulnerability/CVE-2025-22215,Server-Side Request Forgery in VMware Aria Automation,"VMware Aria Automation exposes a server-side request forgery (SSRF) vulnerability that allows a malicious actor with 'Organization Member' access to exploit the system. By leveraging this vulnerability, the actor can enumerate and potentially access sensitive internal services running on the host or network, which could lead to unauthorized data exposure and compromise of the environment. It is crucial for organizations using this product to assess their risk and implement necessary security measures to protect against exploitation.",Vmware,"Vmware Aria Automation,Vmware Cloud Foundation (vmware Aria Automation)",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-08T06:43:32.023Z,0
CVE-2024-38817,https://securityvulnerability.io/vulnerability/CVE-2024-38817,VMware NSX Injection Vulnerability Allows Root Access,"VMware NSX contains a command injection vulnerability. 

A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.",VMware,"Vmware Nsx, Vmware Cloud Foundation",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-10-09T20:15:00.000Z,0
CVE-2024-38813,https://securityvulnerability.io/vulnerability/CVE-2024-38813,Privilege escalation vulnerability,"A privilege escalation vulnerability exists in VMware vCenter Server, enabling a remote attacker with network access to elevate their privileges to root. This is exploited by sending specially crafted network packets aimed at the vCenter Server. It is crucial for organizations using affected versions to assess their security posture and implement necessary safeguards to protect their systems against potential exploits.",Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.5,HIGH,0.0041600000113248825,true,true,false,true,,false,false,2024-09-17T18:15:00.000Z,0
CVE-2024-38812,https://securityvulnerability.io/vulnerability/CVE-2024-38812,vCenter Server Heap Overflow Vulnerability,"A heap-overflow vulnerability exists in the vCenter Server's implementation of the DCERPC protocol, allowing a remote attacker with network access to exploit this weakness. By sending a specially crafted network packet, the attacker may be able to execute arbitrary code on the affected system. This vulnerability poses a significant risk, as it could lead to unauthorized access or control over the system, highlighting the importance of maintaining robust network security practices and applying updates promptly.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0041600000113248825,true,true,false,true,true,true,true,2024-09-17T18:15:00.000Z,6630
CVE-2024-37087,https://securityvulnerability.io/vulnerability/CVE-2024-37087,VMware vCenter Server Denial-of-Service Vulnerability,The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.,VMware,"Vcenter Server,Vmware Cloud Foundation",5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-06-25T14:16:13.273Z,0
CVE-2024-37086,https://securityvulnerability.io/vulnerability/CVE-2024-37086,VMware ESXi Out-of-Bounds Read Vulnerability Could Lead to Denial of Service,"VMware ESXi contains an out-of-bounds read vulnerability. A
 malicious actor with local administrative privileges on a virtual 
machine with an existing snapshot may trigger an out-of-bounds read 
leading to a denial-of-service condition of the host.",VMware,"Esxi,Vmware Cloud Foundation",6.8,MEDIUM,0.0004299999854993075,false,true,false,false,,false,false,2024-06-25T14:16:08.233Z,0
CVE-2024-37085,https://securityvulnerability.io/vulnerability/CVE-2024-37085,VMware ESXi Authentication Bypass Vulnerability,"VMware ESXi is susceptible to a critical authentication bypass vulnerability that enables a malicious actor with appropriate Active Directory permissions to gain unauthorized access to the ESXi host. This situation arises when the 'ESXi Admins' AD group, used for user management, is deleted from Active Directory and subsequently recreated by the attacker. Restoring this group allows elevated access rights, compromising the integrity of the host and potentially exposing sensitive information and functionalities. Administrators are advised to review access control measures and implement best practices to mitigate the risk associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.2,HIGH,0.010470000095665455,true,true,true,true,true,true,true,2024-06-25T14:16:01.280Z,65164
CVE-2024-37081,https://securityvulnerability.io/vulnerability/CVE-2024-37081,VMware vCenter Server Local Privilege Escalation Vulnerabilities,"The CVE-2024-37081 vulnerability in VMware vCenter Server allows an authenticated local user with non-administrative privileges to elevate privileges to root on the vCenter Server Appliance. This is a local privilege escalation vulnerability due to misconfiguration of sudo. The potential impact of this vulnerability is significant, as it can allow unauthorized elevation of privileges on the vCenter Server. The vendor affected by this vulnerability is VMware. There are no known exploits of this vulnerability by ransomware groups at this time.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.8,HIGH,0.00279000005684793,false,true,false,true,true,false,false,2024-06-18T05:43:20.580Z,0
CVE-2024-37080,https://securityvulnerability.io/vulnerability/CVE-2024-37080,vCenter Server Heap Overflow Vulnerability,"VMware vCenter Server is susceptible to a heap overflow vulnerability associated with the DCERPC protocol implementation. Malicious actors with network access can exploit this flaw by sending a specially crafted network packet. This breach may result in remote code execution, granting unauthorized access and control over affected systems. Organizations utilizing vCenter Server should prioritize applying patches and updates to mitigate potential risks.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,false,true,false,true,,false,false,2024-06-18T05:43:10.901Z,0
CVE-2024-37079,https://securityvulnerability.io/vulnerability/CVE-2024-37079,vCenter Server Heap Overflow Vulnerability,"vCenter Server is impacted by a heap-overflow vulnerability within its DCERPC protocol implementation. This flaw allows an attacker with network access to exploit the vulnerability by delivering specially crafted network packets. If executed successfully, this exploitation could lead to unauthorized remote code execution, posing severe risks to system integrity and confidentiality. It is critical for organizations using affected versions of vCenter Server to implement appropriate security measures to mitigate potential threats stemming from this vulnerability.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,false,true,false,false,,true,false,2024-06-18T05:43:06.619Z,6722
CVE-2024-22275,https://securityvulnerability.io/vulnerability/CVE-2024-22275,vCenter Server Partial File Read Vulnerability,"The vCenter Server contains a vulnerability that allows a malicious actor, with administrative privileges on the vCenter appliance shell, to exploit a partial file read issue. This exploitation could enable the attacker to read arbitrary files that may contain sensitive information, posing a significant risk to the confidentiality of critical data managed within the vCenter environment.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation (vcenter Server)",4.9,MEDIUM,0.0004299999854993075,false,false,false,true,true,false,false,2024-05-21T17:29:45.562Z,0
CVE-2024-22274,https://securityvulnerability.io/vulnerability/CVE-2024-22274,VMware vCenter Server Remote Code Execution Vulnerability,"The vulnerability identified as CVE-2024-22274 affects VMware vCenter Server and allows a malicious actor with administrative privileges to run arbitrary commands on the underlying operating system. The vulnerability has been exploited and a proof-of-concept (PoC) exploit has been released, potentially allowing remote code execution. This poses a serious risk as it can give attackers full control of the affected system. The vulnerability affects specific API components and arbitrary commands can be executed with root privileges. VMware has recommended applying updates to the affected deployments and emphasizes the importance of maintaining up-to-date security measures in virtualization environments. Currently, no workarounds are available, and organizations are urged to assess their systems and apply the necessary updates to mitigate the risk of potential exploitation.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation (vcenter Server)",7.2,HIGH,0.0004299999854993075,false,true,false,true,true,false,false,2024-05-21T17:29:33.899Z,0
CVE-2024-22273,https://securityvulnerability.io/vulnerability/CVE-2024-22273,VMware ESXi Storage Controllers Vulnerable to Out-of-Bounds Read/Write Attacks,"The vulnerability involves an out-of-bounds read/write issue within the storage controllers of VMware ESXi, Workstation, and Fusion. A malicious actor with access to a virtual machine enabled with these storage controllers can exploit this vulnerability. The exploitation may result in a denial of service condition or allow the execution of arbitrary code on the hypervisor, especially when leveraged in conjunction with other vulnerabilities. This situation poses significant risk to virtualized environments relying on VMware's products, underscoring the necessity for timely security updates and patches.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation (esxi)",8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-21T17:29:05.426Z,0
CVE-2024-22255,https://securityvulnerability.io/vulnerability/CVE-2024-22255,Information disclosure vulnerability,"VMware ESXi, Workstation, and Fusion have a vulnerability within the UHCI USB controller that may lead to information disclosure. If an attacker gains administrative access to a virtual machine, they could potentially exploit this vulnerability to extract sensitive memory content from the vmx process, posing risks to data confidentiality and system integrity. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T17:58:35.987Z,0
CVE-2024-22254,https://securityvulnerability.io/vulnerability/CVE-2024-22254,VMware ESXi Out-of-Bounds Write Vulnerability,"An out-of-bounds write vulnerability exists in VMware ESXi, specifically affecting the VMX process. This flaw allows a malicious actor with certain privileges to exploit the vulnerability, which may result in an escape from the sandbox environment. By manipulating memory effectively, an attacker could potentially execute arbitrary code outside the intended execution flow, compromising the integrity and security of the virtualized environment. Organizations using VMware ESXi should assess their systems and apply necessary patches to mitigate potential risks associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-03-05T17:58:24.341Z,0
CVE-2024-22253,https://securityvulnerability.io/vulnerability/CVE-2024-22253,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the UHCI USB controller. This flaw allows a malicious user with local administrative privileges on a virtual machine to exploit the vulnerability, potentially executing arbitrary code within the VMX process on the host system. On ESXi, this exploitation is limited to the VMX sandbox environment. In contrast, on Workstation and Fusion, successful exploitation could permit the execution of code directly on the host machine, posing a significant security risk to users.",VMware,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,false,,false,false,2024-03-05T17:57:27.297Z,0
CVE-2024-22252,https://securityvulnerability.io/vulnerability/CVE-2024-22252,Use-after-free vulnerability,"VMware ESXi, Workstation, and Fusion exhibit a use-after-free vulnerability associated with the XHCI USB controller. This threat arises from the ability of a malicious actor who has local administrative privileges on a virtual machine to exploit this vulnerability, potentially leading to code execution as the virtual machine's VMX process on the host. While exploitation on ESXi remains within the VMX sandbox, vulnerabilities in Workstation and Fusion may enable code execution on the host machines. Administrators should prioritize patching to mitigate potential security risks.",VMWare,"Vmware Esxi,Vmware Workstation,Vmware Fusion,Vmware Cloud Foundation",9.3,CRITICAL,0.0004299999854993075,false,true,false,true,,true,false,2024-03-05T17:57:22.043Z,3285
CVE-2023-34056,https://securityvulnerability.io/vulnerability/CVE-2023-34056,VMware vCenter Server Partial Information Disclosure Vulnerability,vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.,Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation (vmware Vcenter Server)",4.3,MEDIUM,0.0005200000014156103,false,true,false,false,,false,false,2023-10-25T04:24:47.707Z,0
CVE-2023-34048,https://securityvulnerability.io/vulnerability/CVE-2023-34048,VMware vCenter Server contains critical out-of-bounds write vulnerability,"The articles discuss a critical out-of-bounds write vulnerability in VMware vCenter Server, known as CVE-2023-34048, which can potentially lead to remote code execution. This vulnerability has been exploited by the Chinese espionage group UNC3886 since late 2021, posing a serious threat to affected systems. The attackers were able to exploit this vulnerability to gain unauthorized access to vCenter systems, and further exploit other VMware flaws to execute arbitrary commands and transfer files. The potential impact of this vulnerability is severe, as it allows attackers to gain privileged access to systems and compromise them. VMware has released patches to address this vulnerability, and users are advised to update to the latest version to mitigate any potential threats. This case highlights the importance of timely patching and security vigilance to protect against advanced cyber threats.",Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation (vmware Vcenter Server)",9.8,CRITICAL,0.42669999599456787,true,true,true,true,,true,false,2023-10-25T04:21:42.267Z,0
CVE-2023-20896,https://securityvulnerability.io/vulnerability/CVE-2023-20896,,"The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",5.9,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2023-06-22T13:15:00.000Z,0
CVE-2023-20892,https://securityvulnerability.io/vulnerability/CVE-2023-20892,VMware vCenter Server heap-overflow vulnerability,"The vCenter Server is vulnerable to a heap overflow caused by the use of uninitialized memory within the DCERPC protocol implementation. This flaw allows a malicious actor with network access to exploit the vulnerability, potentially executing arbitrary code on the operating system hosting the vCenter Server. Organizations are urged to implement immediate security measures to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.002369999885559082,false,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-20894,https://securityvulnerability.io/vulnerability/CVE-2023-20894,Out-of-Bounds Write Vulnerability in VMware vCenter Server,"The VMware vCenter Server has an out-of-bounds write vulnerability arising from the implementation of the DCERPC protocol. This security flaw allows a remote attacker with network access to the vCenter Server to exploit the vulnerability by crafting and sending a malicious packet. Successfully triggering the out-of-bounds write can lead to memory corruption, which may compromise the integrity and availability of vCenter Server services. Organizations utilizing affected versions should prioritize updating to mitigate potential security threats.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.002369999885559082,false,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-20895,https://securityvulnerability.io/vulnerability/CVE-2023-20895,Memory Corruption Vulnerability in VMware vCenter Server,"The VMware vCenter Server has a significant memory corruption issue related to the handling of the DCERPC protocol. This vulnerability enables a malicious actor with network access to potentially disrupt normal operation, allowing them to bypass authentication mechanisms. If exploited, this could lead to unauthorized access, posing a serious threat to sensitive data and system integrity. It is crucial for users to stay informed about this vulnerability and apply necessary security updates promptly.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-20893,https://securityvulnerability.io/vulnerability/CVE-2023-20893,Use-After-Free Vulnerability in VMware vCenter Server,"The vCenter Server from VMware is susceptible to a use-after-free vulnerability in its DCERPC protocol implementation. This vulnerability can be exploited by an attacker with network access to the vCenter Server, enabling them to execute arbitrary code on the underlying operating system. Organizations using affected versions should take immediate steps to assess their exposure and apply necessary security updates to mitigate risks.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.003370000049471855,false,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-20884,https://securityvulnerability.io/vulnerability/CVE-2023-20884,,VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.,Vmware,"VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)",6.1,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-05-30T16:15:00.000Z,0