Versions
4.x
VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x
5.x
3.x before 3.10.1.2
Multiple
VMware NSX 4.1.x, NSX-T 3.2.x
VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2
VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1
4.x before 4.2 and 3.x
VMware NSX 4.x, VMware Cloud Foundation 5.x
VMware vRealize Orchestrator 8.x
4.x before 4.2
VMware vCenter Server (7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)
VMware Cloud Foundation 4.x (before 4.3.1.1) and 3.x
Recent CVEs
CVE-2024-38815
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure.
CVE-2024-38818
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a group role other than the one previously assigned.
CVE-2024-38817
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
CVE-2024-38813
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
CVE-2024-22255
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVE-2024-22254
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.
CVE-2024-22253
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.