Filtered by vendor Vmware
Subscribe
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22049 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | |||||
| CVE-2021-22005 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. | |||||
| CVE-2021-22036 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. | |||||
| CVE-2021-22054 | 1 Vmware | 1 Workspace One Uem Console | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | |||||
| CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | |||||
| CVE-2021-21993 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. | |||||
| CVE-2022-22938 | 2 Microsoft, Vmware | 3 Windows, Horizon, Workstation | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2021-22095 | 1 Vmware | 1 Spring Advanced Message Queuing Protocol | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message | |||||
| CVE-2021-22045 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. | |||||
| CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | |||||
| CVE-2021-22096 | 3 Netapp, Oracle, Vmware | 8 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 5 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | |||||
| CVE-2021-21991 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). | |||||
| CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | |||||
| CVE-2021-22060 | 2 Oracle, Vmware | 3 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Spring Framework | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | |||||
| CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | |||||
| CVE-2021-22014 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-22006 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. | |||||
| CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||