Filtered by vendor Vmware, product Vcenter Server

Total: 73 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-21986 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 9.8 Critical |
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. | ||||
CVE-2021-21992 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 6.5 Medium |
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. | ||||
CVE-2021-21973 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.3 Medium |
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | ||||
CVE-2021-21980 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||||
CVE-2022-31698 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.3 Medium |
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | ||||
CVE-2022-31680 | 1 Vmware | 1 Vcenter Server | 2024-08-03 | 9.1 Critical |
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform Services Controller). A malicious actor with admin access on vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | ||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.5 Medium |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | ||||
CVE-2022-22982 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | ||||
CVE-2023-20894 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write by sending a specially crafted packet leading to memory corruption. | ||||
CVE-2023-20896 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 5.9 Medium |
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | ||||
CVE-2023-20892 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | ||||
CVE-2023-20895 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | ||||
CVE-2023-20893 | 1 Vmware | 1 Vcenter Server | 2024-08-02 | 8.1 High |
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. |