Filtered by vendor Vmware
Subscriptions
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22056 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-08-03 | 7.5 High |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | ||||
| CVE-2021-22026 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-08-03 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | ||||
| CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2024-08-03 | 2.7 Low |
| Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2021-22047 | 1 Vmware | 1 Spring Data Rest | 2024-08-03 | 5.3 Medium |
| In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | ||||
| CVE-2021-22027 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-08-03 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | ||||
| CVE-2021-22041 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-08-03 | 6.7 Medium |
| VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | ||||
| CVE-2021-22042 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-08-03 | 7.8 High |
| VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. | ||||
| CVE-2021-22054 | 1 Vmware | 1 Workspace One Uem Console | 2024-08-03 | 7.5 High |
| VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | ||||
| CVE-2021-22050 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-08-03 | 7.5 High |
| ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests. | ||||
| CVE-2021-22034 | 1 Vmware | 1 Vrealize Operations Tenant | 2024-08-03 | 7.5 High |
| Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | ||||
| CVE-2021-22118 | 4 Netapp, Oracle, Redhat and 1 more | 34 Hci, Management Services For Element Software, Commerce Guided Search and 31 more | 2024-08-03 | 7.8 High |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | ||||
| CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
| The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | ||||
| CVE-2021-22016 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 6.1 Medium |
| The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. | ||||
| CVE-2021-22119 | 3 Oracle, Redhat, Vmware | 3 Communications Cloud Native Core Policy, Jboss Fuse, Spring Security | 2024-08-03 | 7.5 High |
| Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. | ||||
| CVE-2021-22017 | 1 Vmware | 1 Vcenter Server | 2024-08-03 | 5.3 Medium |
| Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. | ||||
| CVE-2021-22051 | 1 Vmware | 1 Spring Cloud Gateway | 2024-08-03 | 6.5 Medium |
| Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. | ||||
| CVE-2021-22055 | 1 Vmware | 1 Photon Os | 2024-08-03 | 5.3 Medium |
| The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. | ||||
| CVE-2021-22020 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.5 Medium |
| The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | ||||
| CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2024-08-03 | 7.5 High |
| In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | ||||
| CVE-2021-22113 | 1 Vmware | 1 Spring Cloud Netflix Zuul | 2024-08-03 | 5.3 Medium |
| Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. | ||||