CVSS: 5.3 • EPSS: 87% • CPEs: 43 • EXPL: 1

24 Feb 2021 — A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). ... • https://github.com/freakanonymous/CVE-2021-21973-Automateme • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-125: Out-of-bounds Read •

CVSS: 6.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Jan 2021 — NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

24 Nov 2020 — VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. • http://www.vmware.com/security/advisories/VMSA-2020-0025.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

23 Oct 2020 — VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. ... • https://www.vmware.com/security/advisories/VMSA-2020-0024.html •

CVSS: 6.0 • EPSS: 0% • CPEs: 225 • EXPL: 0

20 Oct 2020 — VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in the ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. This vul... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-125: Out-of-bounds Read • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Sep 2020 — The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware ESXi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD). ... This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04024en_us • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •