Filtered by vendor Vmware Subscriptions
Total 902 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22097 1 Vmware 1 Spring Advanced Message Queuing Protocol 2024-11-21 6.5 Medium
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
CVE-2021-22096 4 Netapp, Oracle, Redhat and 1 more 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more 2024-11-21 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVE-2021-22095 1 Vmware 1 Spring Advanced Message Queuing Protocol 2024-11-21 6.5 Medium
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message
CVE-2021-22060 3 Oracle, Redhat, Vmware 4 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Jboss Fuse and 1 more 2024-11-21 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
CVE-2021-22057 2 Linux, Vmware 2 Linux Kernel, Workspace One Access 2024-11-21 8.8 High
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
CVE-2021-22056 2 Linux, Vmware 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more 2024-11-21 7.5 High
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
CVE-2021-22055 1 Vmware 1 Photon Os 2024-11-21 5.3 Medium
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
CVE-2021-22054 1 Vmware 1 Workspace One Uem Console 2024-11-21 7.5 High
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CVE-2021-22053 1 Vmware 1 Spring Cloud Netflix 2024-11-21 8.8 High
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
CVE-2021-22051 1 Vmware 1 Spring Cloud Gateway 2024-11-21 6.5 Medium
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVE-2021-22050 1 Vmware 2 Cloud Foundation, Esxi 2024-11-21 7.5 High
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
CVE-2021-22049 1 Vmware 1 Vcenter Server 2024-11-21 9.8 Critical
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVE-2021-22048 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 8.8 High
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
CVE-2021-22047 1 Vmware 1 Spring Data Rest 2024-11-21 5.3 Medium
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
CVE-2021-22045 2 Apple, Vmware 5 Mac Os X, Cloud Foundation, Esxi and 2 more 2024-11-21 7.8 High
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
CVE-2021-22044 1 Vmware 1 Spring Cloud Openfeign 2024-11-21 7.5 High
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.
CVE-2021-22043 1 Vmware 2 Esxi, Fusion 2024-11-21 7.5 High
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.
CVE-2021-22042 1 Vmware 2 Cloud Foundation, Esxi 2024-11-21 7.8 High
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
CVE-2021-22041 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2024-11-21 6.7 Medium
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2021-22040 1 Vmware 5 Cloud Foundation, Esxi, Fusion and 2 more 2024-11-21 6.7 Medium
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.