Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-30 | CVE-2021-22023 | Authorization Bypass Through User-Controlled Key vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. | 6.5 |
2021-08-30 | CVE-2021-22024 | Information Exposure Through Log Files vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. | 5.0 |
2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 5.0 |
2021-08-30 | CVE-2021-22026 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 5.0 |
2021-08-30 | CVE-2021-22027 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 5.0 |
2021-07-13 | CVE-2021-21994 | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. | 6.8 |
2021-07-13 | CVE-2021-21995 | Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. | 5.0 |
2021-07-13 | CVE-2021-22000 | Improper Privilege Management vulnerability in VMWare Thinapp VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. | 6.9 |
2021-06-29 | CVE-2021-22119 | Incorrect Authorization vulnerability in multiple products Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. | 7.5 |
2021-06-28 | CVE-2021-32719 | Cross-site Scripting vulnerability in VMWare Rabbitmq RabbitMQ is a multi-protocol messaging broker. | 3.5 |