Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22010 Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in VPXD service.
network
low complexity
vmware CWE-400
7.5
2021-09-23 CVE-2021-22011 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library.
network
low complexity
vmware
5.3
2021-09-23 CVE-2021-22012 Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API.
network
low complexity
vmware CWE-306
7.5
2021-09-23 CVE-2021-22013 Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API.
network
low complexity
vmware CWE-22
7.5
2021-09-23 CVE-2021-22014 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure).
network
low complexity
vmware
7.2
2021-09-22 CVE-2021-21991 Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens.
local
low complexity
vmware
7.8
2021-09-22 CVE-2021-21992 Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing.
network
low complexity
vmware
6.5
2021-09-15 CVE-2020-3960 Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality.
local
low complexity
vmware CWE-125
8.4
2021-08-31 CVE-2021-22002 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header.
network
low complexity
vmware CWE-287
critical
9.8
2021-08-31 CVE-2021-22003 Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443.
network
low complexity
vmware CWE-307
7.5