CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-1080
https://notcve.org/view.php?id=CVE-2021-1080
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5172 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 13%CPEs: 43EXPL: 1CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). ...  Esto afecta a: VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2) VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. • https://github.com/freakanonymous/CVE-2021-21973-Automateme https://www.vmware.com/security/advisories/VMSA-2021-0002.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1064
https://notcve.org/view.php?id=CVE-2021-1064
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1063
https://notcve.org/view.php?id=CVE-2021-1063
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-125: Out-of-bounds Read •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1061
https://notcve.org/view.php?id=CVE-2021-1061
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5142 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •