Filtered by vendor Vmware
Subscribe
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22008 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | |||||
| CVE-2021-22037 | 1 Vmware | 1 Installbuilder | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
| Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. | |||||
| CVE-2021-22011 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | |||||
| CVE-2021-22003 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | |||||
| CVE-2021-1083 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||
| CVE-2021-1080 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7). | |||||
| CVE-2021-1087 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7). | |||||
| CVE-2021-21986 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. | |||||
| CVE-2021-22118 | 3 Netapp, Oracle, Vmware | 32 Hci, Management Services For Element Software, Commerce Guided Search and 29 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | |||||
| CVE-2021-22119 | 2 Oracle, Vmware | 2 Communications Cloud Native Core Policy, Spring Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. | |||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | |||||
| CVE-2021-32719 | 1 Vmware | 1 Rabbitmq | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead. | |||||
| CVE-2021-22116 | 2 Debian, Vmware | 2 Debian Linux, Rabbitmq | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. | |||||
| CVE-2021-21987 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2021-22021 | 1 Vmware | 2 Cloud Foundation, Vrealize Log Insight | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. | |||||
| CVE-2021-21981 | 1 Vmware | 1 Nsx-t Data Center | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | |||||
| CVE-2021-1086 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7). | |||||
| CVE-2021-22025 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | |||||
| CVE-2021-21983 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 8.5 HIGH | 6.5 MEDIUM |
| Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | |||||
| CVE-2021-22027 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||