206 matches found
VMware Cloud Foundation 代码问题漏洞
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A security vulnerability exists in VMware Cloud Foundation NSX-V that stems from the...
CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
Vulnerabilities fixed in VMware Cloud Foundation
VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...
The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation virtualization platform allows a perpetrator to execute arbitrary code with root privileges.
The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation platform is related to deserialization errors and the ability to execute arbitrary code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root...
VMware Cloud Foundation updates address multiple vulnerabilities.
3a. VMware Cloud Foundation update addresses a remote code execution vulnerability via XStream CVE-2021-39144 VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity rang...
VMware Cloud Director 10.4 Compatibility Patches
Hotfix for Veeam Backup & Replication 11.0.1.1261 P20230227 The hotfix on this article has been rebuilt as of 2023-11-24 to be compatible only with Veeam Backup & Replication build 11.0.1.1261 P20230227. This is the second such rebuild; the last rebuild was on 2023-03-16. Note: If an older versio...
The vulnerability of the software for managing virtual infrastructure, VMware vCenter Server, and the virtualization platform, VMware Cloud Foundation, is related to insufficient checking of incoming requests. This allows a perpetrator to carry out an SSRF attack.
The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending specially craft...
SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...
SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...
VMware vCenter Server 代码问题漏洞
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A code issue vulnerability exists in VMware...
VMware Cloud Foundation Web Detection
Binary data vmwarecloudfoundationwebdetect.nbin...
VMware Cloud Director 10.1.x < 10.1.4.1 / 10.2.x < 10.2.2.3 / 10.3.x < 10.3.3 RCE (VMSA-2022-0013)
The version of VMware vCloud Director installed on the remote host is 10.1.x prior to 10.1.4.1, 10.2.x prior to 10.2.2.3, 10.3.x 10.3.3. It is, therefore, affected by a code injection vulnerability due to a failure to properly handle input. A remote, authenticated actor can exploit this, by sendi...
Vulnerability fixed in VMWare Cloud Director
A vulnerability has been fixed in VMWare Cloud Director. This vulnerability allows an authenticated outside attacker with network access to the VMWare Cloud Director tenant to execute execute arbitrary code and thereby gain access to the server. gain. VMWare has made updates available for VMware...
The vulnerability of VMware Cloud Foundation’s virtualization platform and VMware ESXi hypervisor, related to synchronization errors when using shared resources, allows attackers to escalate their privileges.
The vulnerability of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a attacker to cause a service failure.
The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.
The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the UHCI controller on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a attacker to execute arbitrary code.
The vulnerability of the UHCI platform of the VMware Cloud Foundation and the VMware ESXi hypervisor lies in synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-22966
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...
CVE-2022-22966
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...
Remote code execution
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...