218 matches found
Remote code execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...
VMware vCenter Server远程代码执行漏洞(CVE-2021-21985)
Rapid7 May 26, 2021 5:34pm UTC 1 day ago• Last updated May 27, 2021 6:39pm UTC 7 hours ago Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
PT-2021-3176
Name of the Vulnerable Software and Affected Versions vSphere Client HTML5 affected versions not specified VMware vCenter Server affected versions not specified Description The issue exists due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default i...
VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities
Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986 RSS Feed...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...
Design/Logic Flaw
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...
CVE-2020-2302
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page...
PT-2020-15532 · Jenkins · Jenkins Active Directory Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.19 and earlier Description: A missing permission check in the Jenkins Active Directory Plugin allows attackers with Overall/Read permission to access the domain health check diagnostic page. This iss...
envoy:health_check_fuzz_test: Crash in std::__1::vector<std::__1::unique_ptr<Envoy::Upstream::HttpHealthCheckerImplTest
Project: https://github.com/envoyproxy/envoy.git Detailed Report: https://oss-fuzz.com/testcase?key=5662540920782848 Project: envoy Fuzzing Engine: libFuzzer Fuzz Target: healthcheckfuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000001990 Cra...
lyra-workflow (>=0.1.2 <=0.1.2-rc.1) potentially affected by unknown CVE via grpc-ts-health-check (=1.0.14)
grpc-ts-health-check NPM version =1.0.14 is affected by a known vulnerability. The following packages have a transitive dependency on grpc-ts-health-check and may be impacted: - lyra-workflow =0.1.2, =0.1.2-rc.1 Source cves: unknown CVE Source advisory: OSV:GHSA-M86M-5M44-PC93...
Denial of Service in grpc-ts-health-check
Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status...
GHSA-M86M-5M44-PC93 Denial of Service in grpc-ts-health-check
Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status...
Server VDA suddenly goes to unregistered state with error: The Security Support Provider Interface (SSPI) negotiation failed.
Studio shows as unregistered. Ping works fine. VDA registration health check tool passes all the tests. Error: Exception System.ComponentModel.Win32Exception 0x80004005: The Security Support Provider Interface SSPI negotiation failed...
Data corruption due to unreliable SMB (CIFS) shares
Challenge Storages that use the SMB CIFS protocol without the continuous availability and write-through features can cause data corruption in case of technical outages. This can lead to restore or backup problems. Cause If shares operate without the continuous availability feature in the...