747 matches found
Authentication flaw
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers in the vmware.py files does not always validate the SSL/TLS certificate...
PYSEC-2021-74
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers in the vmware.py files does not always validate the SSL/TLS certificate...
UBUNTU-CVE-2020-28972
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers in the vmware.py files does not always validate the SSL/TLS certificate...
CVE-2020-28972
SaltStack Salt CVE-2020-28972 : A vulnerability in Salt before 3002.5 allows authentication to VMware vcenter, vSphere, and ESXi servers via the vmware.py code paths without always validating SSL/TLS certificates. The issue stems from improper certificate validation in the SSL/TLS verification fl...
Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8566, CVE-2020-8565, CVE-2020-8563, CVE-2020-8564)
Summary IBM Cloud Private is vulnerable to Kubernetes vulnerabilities Vulnerability Details CVEID: CVE-2020-8566 DESCRIPTION: Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when Ceph RBD volumes are supported and kube-controller-manager is...
Saltstack SaltStack Salt 信任管理问题漏洞
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that...
Exploit for Path Traversal in Vmware Cloud_Foundation
vsphereyeeter.sh is an automated bash script to exploit vuln...
VulnCheck KEV: CVE-2021-21972
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system...
The vulnerability of the vSphere Client plugin for managing VMware vCenter Server allows a attacker to send requests on behalf of the targeted server.
The vulnerability of the vSphere Client plugin for managing VMware vCenter Server lies in insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to send requests on behalf of the targeted server by sending specially crafted HTTP requests...
The vulnerability of the vSphere Client plugin for managing VMware vCenter Server allows a hacker to execute arbitrary code.
The vulnerability of the vSphere Client plugin for managing VMware vCenter Server lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HTTP request remotely...
VMware VCenter Server file upload
Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
This blog post was co-authored by Bob Rudis and Caitlin Condon. What’s up? On Feb. 23, 2021, VMware published an advisory VMSA-2021-0002 describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. Before digging into the individual vulnerabilities, it is...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
Remote code execution
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
Server side request forgery (ssrf)
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
VMWare Patches Critical RCE Flaw in vCenter Server
Click to Register VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution RCE flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of a...
CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...