CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21989 – VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-21989
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versiones 16.x anteriores a 16.1.2) y Horizon Client para Windows (versiones 5.x anteriores a 5.5.2) contienen una vulnerabilidad de lectura fuera de límites en el componente Cortado ThinPrint (TTC Parser). Un actor malicioso con acceso a una máquina virtual o un escritorio remoto puede ser capaz de explotar estos problemas conllevando a una divulgación de información del proceso TPView que se ejecuta en el sistema donde está instalado Workstation o Horizon Client para Windows This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ThinPrint component. • https://www.vmware.com/security/advisories/VMSA-2021-0009.html https://www.zerodayinitiative.com/advisories/ZDI-21-610 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21988 – VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-21988
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (versiones 16.x anteriores a 16.1.2) y Horizon Client para Windows (versiones 5.x anteriores a 5.5.2) contienen una vulnerabilidad de lectura fuera de límites en el componente Cortado ThinPrint (JPEG2000 Parser). Un actor malicioso con acceso a una máquina virtual o escritorio remoto puede explotar estos problemas que conllevan a una divulgación de información del proceso TPView que se ejecuta en el sistema donde está instalado Workstation o Horizon Client para Windows This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ThinPrint component. • https://www.vmware.com/security/advisories/VMSA-2021-0009.html https://www.zerodayinitiative.com/advisories/ZDI-21-609 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21987 – VMware Workstation ThinPrint TTCHeader Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-21987
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (16.x versiones anteriores a 16.1.2) y Horizon Client para Windows (5.x versiones anteriores a 5.5.2) contienen una vulnerabilidad de lectura fuera de límites en el componente Cortado ThinPrint (TTC Parser). Un actor malicioso con acceso a una máquina virtual o escritorio remoto puede explotar estos problemas que conllevan a la divulgación de información del proceso TPView que se ejecuta en el sistema donde está instalado Workstation o Horizon Client para Windows This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ThinPrint component. • https://www.vmware.com/security/advisories/VMSA-2021-0009.html https://www.zerodayinitiative.com/advisories/ZDI-21-608 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22117
https://notcve.org/view.php?id=CVE-2021-22117
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. Los instaladores de RabbitMQ en Windows anterior a versión 3.8.16, no endurecen los permisos de los directorios de los plugins, permitiendo potencialmente a atacantes con suficientes permisos del sistema de archivos local añadir plugins arbitrarios • https://tanzu.vmware.com/security/cve-2021-22117 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2021-21990
https://notcve.org/view.php?id=CVE-2021-21990
VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response. Consola de VMware Workspace one UEM (versiones 2102 anteriores a 21.2.0.8, versiones 2101 anteriores a 21.1.0.14, versiones 2011 anteriores a 20.11.0.27, versiones 2010 anteriores a 20.10.0.16,2008 versiones anteriores a 20.8.0.28, versiones 2007 anteriores a 20.7.0.14, versiones 2006 anteriores a 20.6.0.19, versiones 2005 anteriores a 20.5.0.46, versiones 2004 anteriores a 20.4.0.21, versiones 2003 anteriores a 20.3.0.23, versiones 2001 anteriores a 20.1.0.32, versiones 1912 anteriores a 19.12.0.24), contienen una vulnerabilidad de tipo cross-site scripting. La consola VMware Workspace ONE UEM no comprueba las peticiones entrantes durante la inscripción del dispositivo después de generar una entrada no saneada en el dispositivo usuario en respuesta • https://herolab.usd.de/security-advisories/usd-2021-0008 https://www.vmware.com/security/advisories/VMSA-2021-0008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •