CVE-2021-22055
https://notcve.org/view.php?id=CVE-2021-22055
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. El SchedulerServer en Vmware photon permite a atacantes remotos inyectar registrosmedainte \r en el parámetro del paquete. Los atacantes también pueden insertar datos maliciosos y entradas falsas • https://github.com/vmware/photon/wiki/log_injection_vulnerability • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2020-10713 – grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
https://notcve.org/view.php?id=CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://www.openwall.com/lists/oss-security/2020/07/29/3 https://bugzilla.redhat.com/show_bug.cgi?id=1825243 https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713 https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot https://kb.vmware.com/s/article/80181 https://security.gentoo.org/glsa/202104-05 https://security. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2016-5333
https://notcve.org/view.php?id=CVE-2016-5333
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. VMware Photos OS OVA 1.0 en versiones anteriores a 2016-08-14 tiene una clave pública SSH por defecto en un archivo authorized_keys, lo que permite a atacantes remotos obtener acceso SSH aprovechando el conocimiento de la clave privada. • http://www.securityfocus.com/bid/92474 http://www.securitytracker.com/id/1036628 http://www.theregister.co.uk/2016/08/16/vmware_shipped_public_key_with_its_photon_osforcontainers http://www.vmware.com/security/advisories/VMSA-2016-0012.html • CWE-798: Use of Hard-coded Credentials •