Search Results (Refine Search)

Search Parameters:
There are 161,307 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-22020

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

Published: September 23, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

Published: September 23, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22018

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

Published: September 23, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22017

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

Published: September 23, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22016

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

Published: September 23, 2021; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22015

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

Published: September 23, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.

Published: September 23, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Published: September 23, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Published: September 23, 2021; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22011

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22010

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22007

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22006

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

Published: September 23, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10

Published: September 23, 2021; 4:15:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34770

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.

Published: September 22, 2021; 11:15:20 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34769

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Published: September 22, 2021; 11:15:20 PM -0400
V3.x:(not available)
V2.0:(not available)