Filtered by vendor Vmware
Subscribe
Total
780 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2021-11-08 | 5.0 MEDIUM | N/A |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2021-11-08 | 5.0 MEDIUM | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||||
| CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2021-11-05 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2021-22037 | 1 Vmware | 1 Installbuilder | 2021-11-03 | 4.4 MEDIUM | 7.8 HIGH |
| Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. | |||||
| CVE-2021-22038 | 1 Vmware | 1 Installbuilder | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. | |||||
| CVE-2019-3795 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2021-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. | |||||
| CVE-2021-22047 | 1 Vmware | 1 Spring Data Rest | 2021-11-01 | 4.3 MEDIUM | 5.3 MEDIUM |
| In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | |||||
| CVE-2021-22097 | 1 Vmware | 1 Spring Advanced Message Queuing Protocol | 2021-11-01 | 6.8 MEDIUM | 6.5 MEDIUM |
| In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. | |||||
| CVE-2021-22036 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2021-10-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. | |||||
| CVE-2021-22035 | 1 Vmware | 3 Cloud Foundation, Vrealize Log Insight, Vrealize Suite Lifecycle Manager | 2021-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. | |||||
| CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2021-10-19 | 4.0 MEDIUM | 2.7 LOW |
| Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | |||||
| CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | |||||
| CVE-2021-22020 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 2.1 LOW | 5.5 MEDIUM |
| The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | |||||
| CVE-2020-3960 | 1 Vmware | 3 Fusion, Vsphere Esxi, Workstation | 2021-09-27 | 3.6 LOW | 8.4 HIGH |
| VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. | |||||
| CVE-2021-21993 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. | |||||
| CVE-2021-22006 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. | |||||
| CVE-2021-22010 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. | |||||
| CVE-2021-22011 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | |||||
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||