
CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
09 Oct 2024 — VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38818
https://notcve.org/view.php?id=CVE-2024-38818
09 Oct 2024 — VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-269: Improper Privilege Management •

CVE-2024-38817
https://notcve.org/view.php?id=CVE-2024-38817
09 Oct 2024 — VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-20868
https://notcve.org/view.php?id=CVE-2023-20868
26 May 2023 — NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. • https://www.vmware.com/security/advisories/VMSA-2023-0010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-31678
https://notcve.org/view.php?id=CVE-2022-31678
28 Oct 2022 — VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. • https://www.vmware.com/security/advisories/VMSA-2022-0027.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2022-22945
https://notcve.org/view.php?id=CVE-2022-22945
16 Feb 2022 — VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. • https://www.vmware.com/security/advisories/VMSA-2022-0005.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2021-21981
https://notcve.org/view.php?id=CVE-2021-21981
19 Apr 2021 — VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. Successful exploitation of this issue may allow attackers with a local guest user account to assign privileges higher than their own permission level. • https://www.vmware.com/security/advisories/VMSA-2021-0006.html • CWE-269: Improper Privilege Management •

CVE-2020-3993
https://notcve.org/view.php?id=CVE-2020-3993
20 Oct 2020 — VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html •

CVE-2018-6961 – VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-6961
11 Jun 2018 — VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. • https://packetstorm.news/files/id/148379 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2017-4920
https://notcve.org/view.php?id=CVE-2017-4920
05 Dec 2017 — The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue, resulting in continuous sending of LSAs between two routers, eventually going into a loop or losing connectivity. • http://www.securityfocus.com/bid/100277 • CWE-400: Uncontrolled Resource Consumption •