CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-1081
https://notcve.org/view.php?id=CVE-2021-1081
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5172 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-1080
https://notcve.org/view.php?id=CVE-2021-1080
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5172 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 14%CPEs: 43EXPL: 1CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). ...  Esto afecta a: VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2) VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. • https://github.com/freakanonymous/CVE-2021-21973-Automateme https://www.vmware.com/security/advisories/VMSA-2021-0002.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1064
https://notcve.org/view.php?id=CVE-2021-1064
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1063
https://notcve.org/view.php?id=CVE-2021-1063
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-125: Out-of-bounds Read •