CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-4920
https://notcve.org/view.php?id=CVE-2017-4920
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. La implementación del protocolo OSPF en VMware NSX-V Edge en versiones 6.2.x anteriores a la 6.2.8 y NSX-V Edge en versiones 6.3.x anteriores a la 6.3.3 no gestiona correctamente el LSA (link-state advertisement). Un LSA no autorizado podría explotar este problema, resultando en el envío continuo de LSA entre dos routers, lo que acabaría por provocar un bucle o la pérdida de la conectividad. • http://www.securityfocus.com/bid/100277 https://www.vmware.com/security/advisories/VMSA-2017-0014.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2017-4929
https://notcve.org/view.php?id=CVE-2017-4929
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. VMware NSX Edge (en versioens 6.2.x anteriores a la 6.2.9 y versiones 6.3.x anteriroes a la 6.3.5) contiene un error de Cross-Site Scripting (XSS) moderado que puede dar lugar a una revelación de información. • http://www.securityfocus.com/bid/101891 http://www.securitytracker.com/id/1039837 https://www.vmware.com/security/advisories/VMSA-2017-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-2079
https://notcve.org/view.php?id=CVE-2016-2079
VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors. VMware NSX Edge 6.1 en versiones anteriores a 6.1.7 y 6.2 en versiones anteriores a 6.2.3 y vCNS Edge 5.5 en versiones anteriores a 5.5.4.3, cuando la característica SSL-VPN está configurada, permiten a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1036077 http://www.vmware.com/security/advisories/VMSA-2016-0007.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •