24 matches found
EUVD-2017-14037
Malware in sbrugna...
EUVD-2022-53105
Malicious code in bioql PyPI...
CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
VulnCheck KEV: CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
VMware Cloud Foundation XStream Deserialization
Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...
VMware Cloud Foundation XStream Deserialization
Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...
CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
Xxe
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
VMware NSX for vSphere (NSX-v) < 6.4.14 Multiple Vulnerabilities (VMSA-2022-0027)
The version of VMware NSX for vSphere NSX-V installed on the remote host is prior to 6.4.14. It is, therefore, affected by multiple vulnerabilities, including: - VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. CVE-2021-39144 - VMware Cloud...
VMware NSX For vSphere (NSX-v) Unsupported Detection
The VMware NSX for vSphere NSX-v appliance is no longer supported. Lack of support implies that no security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable Network Security, Inc...
CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
CVE-2022-31678
Summary: CVE-2022-31678 is an XXE vulnerability in VMware Cloud Foundation’s NSX-V component used with VCF 3.x, allowing denial of service or unintended information disclosure. The root cause is an XML External Entity flaw in NSX-V parsing, enabling crafted XML to cause adverse effects. Impact: B...
CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
Vulnerabilities fixed in VMware Cloud Foundation
VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...
SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...
SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...
NSX-T vs. NSX-V – Key Differences and Pitfalls to Avoid
Learn the difference between VMware’s segmentation offerings, NSX-T vs NSX-V, and understand the several potential pitfalls that are important to consider before deployment...
CVE-2017-4920
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement LSA. A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop ...
CVE-2017-4920
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement LSA. A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop ...
Design/Logic Flaw
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement LSA. A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop ...