CVSS: 5.3EPSS: 12%CPEs: 43EXPL: 1CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
24 Feb 2021 — The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contie... • https://github.com/freakanonymous/CVE-2021-21973-Automateme • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 97%CPEs: 43EXPL: 36CVE-2021-21972 – VMware vCenter Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21972
24 Feb 2021 — The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ... • https://packetstorm.news/files/id/161695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 90%CPEs: 233EXPL: 7CVE-2021-21974 – VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21974
24 Feb 2021 — OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. OpenSLP como es usado en ESXi (versiones 7.0 anteriores a ESXi70U1c-17325551, versiones 6.7 anteriores a ESXi670-202102401-SG, versiones 6.5 anteriores a ESXi6... • https://packetstorm.news/files/id/162957 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 184EXPL: 0CVE-2020-4004
https://notcve.org/view.php?id=CVE-2020-4004
20 Nov 2020 — VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-2020... • https://www.vmware.com/security/advisories/VMSA-2020-0026.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 181EXPL: 0CVE-2020-4005
https://notcve.org/view.php?id=CVE-2020-4005
20 Nov 2020 — VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, ... • https://www.vmware.com/security/advisories/VMSA-2020-0026.html •
CVSS: 5.3EPSS: 0%CPEs: 175EXPL: 0CVE-2020-3995
https://notcve.org/view.php?id=CVE-2020-3995
20 Oct 2020 — In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. En VMware ESXi (versiones 6.7 anteriores a ESXi670-201908101-SG, versio... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-3994
https://notcve.org/view.php?id=CVE-2020-3994
20 Oct 2020 — VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. VMware vCenter Server (versiones 6.7 anteriores a 6.7u3, versiones 6.6 anterior... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3993
https://notcve.org/view.php?id=CVE-2020-3993
20 Oct 2020 — VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes de... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html •
CVSS: 10.0EPSS: 40%CPEs: 224EXPL: 2CVE-2020-3992 – VMware ESXi OpenSLP Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-3992
20 Oct 2020 — OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. OpenSLP como es usado en VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202010401-SG, versiones 6.5... • https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 226EXPL: 0CVE-2020-3982 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3982
20 Oct 2020 — VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.168... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •