Lucene search
+L

218 matches found

Prion
Prion
added 2021/05/26 3:15 p.m.39 views

Remote code execution

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10CVSS9.8AI score0.99999EPSS
Exploits13References3Affected Software2
Cvelist
Cvelist
added 2021/05/26 2:4 p.m.62 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10AI score0.99999EPSS
Exploits13References3
Vulnrichment
Vulnrichment
added 2021/05/26 2:4 p.m.14 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10AI score0.99999EPSS
Exploits13References3
CVE
CVE
added 2021/05/26 2:4 p.m.1642 views

CVE-2021-21985

CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...

10CVSS9.8AI score0.99999EPSS
In wildExploits13References4Affected Software1
seebug.org
seebug.org
added 2021/05/26 12:0 a.m.207 views

VMware vCenter Server远程代码执行漏洞(CVE-2021-21985)

Rapid7 May 26, 2021 5:34pm UTC 1 day ago• Last updated May 27, 2021 6:39pm UTC 7 hours ago Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...

10CVSS0.3AI score0.99999EPSS
Exploits58
ATTACKERKB
ATTACKERKB
added 2021/05/26 12:0 a.m.468 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10CVSS8.8AI score0.99999EPSS
In wildExploits58References4
Positive Technologies
Positive Technologies
added 2021/05/25 12:0 a.m.6 views

PT-2021-3176

Name of the Vulnerable Software and Affected Versions vSphere Client HTML5 affected versions not specified VMware vCenter Server affected versions not specified Description The issue exists due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default i...

10CVSS9.2AI score0.99999EPSS
Exploits13References38
VMware
VMware
added 2021/05/23 12:0 a.m.106 views

VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities

Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986 RSS Feed...

10CVSS10AI score0.99999EPSS
Exploits13References53Affected Software2
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.6 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
NVD
NVD
added 2020/11/04 3:15 p.m.30 views

CVE-2020-2302

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...

4.3CVSS4.5AI score0.00668EPSS
Exploits0References1
OSV
OSV
added 2020/11/04 3:15 p.m.13 views

CVE-2020-2302

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...

4.3CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2020/11/04 3:15 p.m.18 views

Design/Logic Flaw

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...

4CVSS4.4AI score0.00668EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/04 2:35 p.m.31 views

CVE-2020-2302

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...

4.4AI score0.00668EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.6 views

PT-2020-15532 · Jenkins · Jenkins Active Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier Description: A missing permission check in the Jenkins Active Directory Plugin allows attackers with Overall/Read permission to access the domain health check diagnostic page. This iss...

4.3CVSS4.3AI score0.00668EPSS
Exploits0References6
ossfuzz
ossfuzz
added 2020/10/02 4:25 p.m.16 views

envoy:health_check_fuzz_test: Crash in std::__1::vector<std::__1::unique_ptr<Envoy::Upstream::HttpHealthCheckerImplTest

Project: https://github.com/envoyproxy/envoy.git Detailed Report: https://oss-fuzz.com/testcase?key=5662540920782848 Project: envoy Fuzzing Engine: libFuzzer Fuzz Target: healthcheckfuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000001990 Cra...

6.8AI score
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/03 7:5 p.m.5 views

lyra-workflow (>=0.1.2 <=0.1.2-rc.1) potentially affected by unknown CVE via grpc-ts-health-check (=1.0.14)

grpc-ts-health-check NPM version =1.0.14 is affected by a known vulnerability. The following packages have a transitive dependency on grpc-ts-health-check and may be impacted: - lyra-workflow =0.1.2, =0.1.2-rc.1 Source cves: unknown CVE Source advisory: OSV:GHSA-M86M-5M44-PC93...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/03 7:5 p.m.21 views

Denial of Service in grpc-ts-health-check

Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status...

4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 7:5 p.m.13 views

GHSA-M86M-5M44-PC93 Denial of Service in grpc-ts-health-check

Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status...

6.9AI score
Exploits0References1
Citrix
Citrix
added 2020/06/12 12:0 a.m.12 views

Server VDA suddenly goes to unregistered state with error: The Security Support Provider Interface (SSPI) negotiation failed.

Studio shows as unregistered. Ping works fine. VDA registration health check tool passes all the tests. Error: Exception System.ComponentModel.Win32Exception 0x80004005: The Security Support Provider Interface SSPI negotiation failed...

7.1AI score
Exploits0
Veeam
Veeam
added 2020/03/17 12:0 a.m.21 views

Data corruption due to unreliable SMB (CIFS) shares

Challenge Storages that use the SMB CIFS protocol without the continuous availability and write-through features can cause data corruption in case of technical outages. This can lead to restore or backup problems. Cause If shares operate without the continuous availability feature in the...

7AI score
Exploits0
Rows per page
Query Builder