Lucene search
K
VmwareVcenter Server

79 matches found

CVE
CVE
added 2021/02/24 4:42 p.m.1677 views

CVE-2021-21972

CVE-2021-21972 is an unauthenticated remote code execution in VMware vCenter Server via the vROPS vropsplugin UI, triggered by uploading a crafted archive to /ui/vropspluginui/rest/services/uploadova. Affected: vCenter Server 6.5/6.7/7.0 (including Cloud Foundation 4.x/3.x). Impact is arbitrary f...

10CVSS9.8AI score0.9957EPSS
In wildWeb
CVE
CVE
added 2021/05/26 2:4 p.m.1633 views

CVE-2021-21985

CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...

10CVSS9.8AI score0.99999EPSS
In wild
CVE
CVE
added 2021/09/23 11:37 a.m.1280 views

CVE-2021-22005

CVE-2021-22005 affects VMware vCenter Server via an arbitrary file upload vulnerability in the Analytics service. With network access to port 443, an attacker can upload a crafted file to trigger remote code execution. Public PoCs and exploits exist (e.g., VM attack surfaces and multiple advisori...

9.8CVSS8.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2020/04/10 1:55 p.m.1267 views

CVE-2020-3952

CVE-2020-3952 affects VMware vCenter Server’s Directory Service (vmdir) when the Platform Services Controller does not enforce access controls, enabling a network-accessible attacker (port 389) to perform an authentication bypass and potentially gain control over the vCenter Directory. Public sou...

9.8CVSS9AI score0.90384EPSS
In wild
CVE
CVE
added 2021/02/24 4:42 p.m.1153 views

CVE-2021-21973

CVE-2021-21973 is a VMware vSphere Client (HTML5) SSRF vulnerability in which URL validation for a vCenter Server plugin is improper, allowing an attacker with network access to port 443 to trigger information disclosure via a crafted POST to the vulnerable endpoint. Affected products/versions in...

5.3CVSS6.7AI score0.88012EPSS
In wild
CVE
CVE
added 2021/09/23 12:13 p.m.1042 views

CVE-2021-22017

Summary of CVE-2021-22017 : VMware vCenter Server’s rhttp proxy (rhttproxy) has an improper URI normalization implementation that can be exploited by a remote attacker with network access to port 443 to bypass proxy restrictions and access internal endpoints. The vulnerability affects vCenter Ser...

5.3CVSS6.6AI score0.47642EPSS
In wild
CVE
CVE
added 2023/10/25 4:21 a.m.491 views

CVE-2023-34048

CVE-2023-34048 affects VMware vCenter Server and Cloud Foundation via an out-of-bounds write in the DCERPC implementation that can lead to remote code execution when a attacker with network access sends a crafted request. The vulnerability is rated CVSS v3.1 base score 9.8 (CRITICAL) with network...

9.8CVSS9.9AI score0.99428EPSS
In wild
CVE
CVE
added 2024/09/17 5:13 p.m.419 views

CVE-2024-38812

CVE-2024-38812 : VMware vCenter Server is affected by a heap-based buffer overflow in the DCERPC protocol. A remote attacker with network access can trigger code execution by sending a specially crafted network packet. The CVE is tracked across multiple advisories and has several patched / update...

9.8CVSS9.8AI score0.54143EPSS
In wild
CVE
CVE
added 2024/09/17 5:13 p.m.305 views

CVE-2024-38813

CVE-2024-38813 : Privilege-escalation in VMware vCenter Server. A remote attacker with network access could trigger a flaw by sending a specially crafted packet to escalate to root. NVD lists CVSS v3.1 base score 9.8 (CRITICAL) with network access, no user interaction. Related documents also desc...

9.8CVSS8.9AI score0.16676EPSS
In wild
CVE
CVE
added 2022/03/29 5:24 p.m.304 views

CVE-2022-22948

CVE-2022-22948 affects VMware vCenter Server and is caused by improper default/file permissions that allow non-administrative access to disclose sensitive information. Public sources document VMSA-2022-0009, listing affected versions: vCenter 6.5 up to 6.5U3r, 6.7 up to 6.7U3p, and 7.0 up to 7.0U...

6.5CVSS6.3AI score0.13935EPSS
In wild
CVE
CVE
added 2019/09/18 9:42 p.m.261 views

CVE-2019-5531

Summary (validated by connected documents): CVE-2019-5531 affects VMware vSphere ESXi (6.7, 6.5, 6.0 lines) and vCenter Server (6.7, 6.5, 6.0 lines) due to an information disclosure vulnerability caused by insufficient session expiration. An attacker with physical access or who can mimic a websoc...

5.8CVSS6.3AI score0.00967EPSS
CVE
CVE
added 2023/06/22 11:47 a.m.234 views

CVE-2023-20892

VMware vCenter Server is affected by CVE-2023-20892, a DCERPC-based heap overflow in the remote procedure call handling. Talos’ TALOS-2023-1801 report confirms a heap overflow in the DCERPC call processing of vCenter Server 7.0.3.01000 (and related components such as vmcad, vmdird, vmafdd) that c...

9.8CVSS9.2AI score0.01849EPSS
CVE
CVE
added 2023/10/25 4:24 a.m.234 views

CVE-2023-34056

CVE-2023-34056 affects VMware vCenter Server, with a partial information disclosure vulnerability where a remote attacker with non-administrative privileges can access data they should not see. Affected versions are vCenter Server 7.0 before 7.0U3o and 8.0 before 8.0U2. The root cause is improper...

4.3CVSS4.6AI score0.00667EPSS
In wild
CVE
CVE
added 2024/06/18 5:43 a.m.224 views

CVE-2024-37079

CVE-2024-37079 is a VMware vCenter Server DCERPC heap-out-of-bounds/write vulnerability with remote code execution potential when a network-accessible vCenter receives crafted packets. Affected component: vCenter Server (DCERPC workflow). Root cause: heap overflow/out-of-bounds write in the DCERP...

9.8CVSS7.7AI score0.22377EPSS
In wild
CVE
CVE
added 2021/11/24 4:32 p.m.199 views

CVE-2021-21980

CVE-2021-21980 affects the vSphere Web Client (FLEX/Flash) in VMware vCenter Server, enabling an unauthorized arbitrary file read via network access to port 443. Public documentation confirms path traversal/vfile-read behavior with high impact (CVE-2021-21980; CVSSv3.1 base 7.5). Affected product...

7.5CVSS8.6AI score0.04601EPSS
Web
CVE
CVE
added 2009/08/27 5:0 p.m.187 views

CVE-2009-2698

CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...

7.8CVSS7.1AI score0.07121EPSS
In wild
CVE
CVE
added 2021/11/24 4:32 p.m.187 views

CVE-2021-22049

CVE-2021-22049 is an SSRF flaw in the vSAN Web Client (vSAN UI) plug‑in of vSphere Web Client. Exploitation requires network access to port 443 on vCenter Server to trigger a URL request outside or to internal services. Connected sources confirm this affects VMware vCenter Server and describe the...

9.8CVSS9.2AI score0.01673EPSS
CVE
CVE
added 2019/09/18 8:32 p.m.184 views

CVE-2019-5534

Summary (CVE-2019-5534): VMware vCenter Server and related ESXi/Vsphere components are affected by an information-disclosure issue in OVF deployments, where vAppConfig properties can reveal credentials (typically root) used to deploy the OVF. A malicious actor with access to query these vAppConfi...

7.7CVSS7.4AI score0.01627EPSS
CVE
CVE
added 2015/10/12 10:0 a.m.176 views

CVE-2015-2342

CVE-2015-2342 concerns the JMX RMI service in VMware vCenter Server. Multiple sources (NVD, SUSE, CNVD, CIRCL) describe that vCenter Server versions 5.0 (before u3e), 5.1 (before u3b), 5.5 (before u3), and 6.0 (before u1) expose an overly permissive JMX RMI endpoint that does not restrict MBean r...

10CVSS7.7AI score0.89048EPSS
CVE
CVE
added 2022/07/13 6:18 p.m.176 views

CVE-2022-22982

CVE-2022-22982 is a server-side request forgery (SSRF) vulnerability in VMware vCenter Server. With network access to port 443, an attacker can cause the server to fetch a URL outside vCenter or access an internal service. The issue affects vCenter Server 6.5 (up to 6.5 U3t), 6.7 (up to 6.7 U3r),...

7.5CVSS7.5AI score0.00946EPSS
CVE
CVE
added 2021/05/26 2:4 p.m.174 views

CVE-2021-21986

Summary: CVE-2021-21986 affects the vSphere Client (HTML5) by exploiting a flaw in the vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote attacker who can reach port 443 on vCenter ...

10CVSS9.5AI score0.12918EPSS
CVE
CVE
added 2024/06/18 5:43 a.m.170 views

CVE-2024-37081

CVE-2024-37081 affects VMware vCenter Server (vCenter Server Appliance). A misconfiguration of sudo enables a local authenticated user with non-admin privileges to escalate to root. IBM’s bulletin ties this to vCenter Server variants in IBM Cloud Pak System and lists the remediation path: upgrade...

7.8CVSS7.3AI score0.04989EPSS
CVE
CVE
added 2021/09/23 12:0 a.m.162 views

CVE-2021-22015

This CVE affects VMware vCenter Server (vCenter Appliance) and describes local privilege escalation due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. An authenticated local user in the cis group can write to this file and cause vmware-vmon to run as root, elevating p...

7.8CVSS8AI score0.01808EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.161 views

CVE-2022-31697

CVE-2022-31697 is an information disclosure vulnerability in VMware vCenter Server where credentials are logged in plaintext during operations on the vCenter Appliance ISO (Install/Upgrade/Migrate/Restore). The underlying issue enables a local attacker who has access to the workstation invoking t...

5.5CVSS6.4AI score0.0013EPSS
CVE
CVE
added 2024/05/21 5:29 p.m.161 views

CVE-2024-22274

VMware vCenter Server CVE-2024-22274 is an authenticated RCE that requires an admin on the vCenter appliance shell to run arbitrary OS commands. Public IBM Red Hat and other advisories confirm the issue and severity (CVSS 7.2, High) with a path to remediation: upgrade vCenter to a fixed release (...

7.2CVSS8AI score0.02488EPSS
CVE
CVE
added 2019/09/18 8:32 p.m.158 views

CVE-2019-5532

CVE-2019-5532 affects VMware vCenter Server and is an information-disclosure vulnerability caused by plain-text logging of OVF deployment credentials. A malicious user with access to vCenter OVF log files could view credentials (typically root) used to deploy the VM. Affected product lines includ...

7.7CVSS7.4AI score0.01857EPSS
CVE
CVE
added 2021/09/23 11:37 a.m.154 views

CVE-2021-21993

CVE-2021-21993 describes a Server-Side Request Forgery (SSRF) in VMware vCenter Server Content Library. An authorised user with content library access can trigger a POST request to vCenter Server, causing information disclosure. Affected ecosystem includes VMware vCenter Server versions vulnerabl...

6.5CVSS7AI score0.00908EPSS
CVE
CVE
added 2021/09/23 11:51 a.m.151 views

CVE-2021-22009

CVE-2021-22009 affects VMware vCenter Server via VAPI, enabling a remote attacker to trigger a DoS through excessive memory consumption in the VAPI service when accessing port 443. Public sources (NVD/Red Hat CNVD) describe multiple memory‑exhaustion DoS vulnerabilities in VAPI/VAPI endpoints. Th...

7.5CVSS7.5AI score0.01358EPSS
CVE
CVE
added 2024/06/18 5:43 a.m.151 views

CVE-2024-37080

VMware vCenter Server is affected by a DCERPC protocol heap-overflow vulnerability (CVE-2024-37080) that can lead to remote code execution when an attacker with network access sends a crafted packet. Public sources consistently describe this as a network-exposed issue with high impact (CVE-2024-3...

9.8CVSS7.7AI score0.12478EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.149 views

CVE-2022-31698

The CVE-2022-31698 entry concerns VMware vCenter Server (and related ESXi components) with a denial-of-service in the content library service. According to the provided documents, a remote attacker who can access port 443 over the network can trigger a DoS by sending a specially crafted header, l...

5.3CVSS5.8AI score0.47795EPSS
CVE
CVE
added 2021/09/22 6:59 p.m.144 views

CVE-2021-21991

VMware vCenter Server has a local privilege-escalation vulnerability (CVE-2021-21991) caused by improper handling of session tokens. A non-administrative user with local access can escalate to Administrator on the vSphere Client (HTML5) or vCenter Web Client (FLEX/Flash). Public reports consisten...

7.8CVSS8.3AI score0.00306EPSS
CVE
CVE
added 2009/08/11 6:0 p.m.142 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01793EPSS
CVE
CVE
added 2021/09/23 11:41 a.m.141 views

CVE-2021-22006

VMware vCenter Server CVE-2021-22006 is a reverse proxy/bypass vulnerability arising from how the URI is handled, allowing an unauthenticated attacker with network access to port 443 to access restricted endpoints. Publicly documented details in multiple sources (NVD, CNVD, CVE lists, IBM/NCSC ad...

7.5CVSS7.8AI score0.06334EPSS
CVE
CVE
added 2021/09/23 11:51 a.m.139 views

CVE-2021-22011

CVE-2021-22011 describes an unauthenticated API endpoint vulnerability in VMware vCenter Server Content Library that allows a remote attacker with network access to port 443 to perform unauthenticated VM network setting manipulation. The issue is triggered by an unauthenticated API surface in vCe...

5.3CVSS6.1AI score0.01057EPSS
CVE
CVE
added 2021/09/23 11:59 a.m.133 views

CVE-2021-22014

CVE-2021-22014 is an authenticated code-execution vulnerability in VMware vCenter Server’s VAMI (port 5480). An authenticated VAMI user with network access to 5480 can execute arbitrary code on the underlying OS hosting vCenter Server. The issue is publicly discussed across multiple sources (e.g....

9CVSS7.9AI score0.01473EPSS
CVE
CVE
added 2009/03/25 1:0 a.m.129 views

CVE-2009-1072

CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...

4.9CVSS4.4AI score0.00427EPSS
CVE
CVE
added 2021/09/22 6:59 p.m.129 views

CVE-2021-21992

CVE-2021-21992 describes a denial-of-service vulnerability in VMware vCenter Server caused by improper XML entity parsing. An attacker with non-administrative access to the vCenter HTML5/vSphere Web Client could trigger a DoS on the vCenter host. Affected product: VMware vCenter Server (and Cloud...

6.8CVSS7.8AI score0.00944EPSS
CVE
CVE
added 2021/11/10 5:50 p.m.129 views

CVE-2021-22048

CVE-2021-22048 affects VMware vCenter Server via IWA (Integrated Windows Authentication), enabling privilege escalation from non-administrative access to higher privileges. Connected sources confirm the vulnerability in the IWA mechanism, with advisories noting VMware’s fix in VMSA-2021-0025.x an...

8.8CVSS8.8AI score0.09976EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.127 views

CVE-2022-31680

CVE-2022-31680 is a VMware vCenter Server Platform Services Controller unsafe deserialization vulnerability (PSC data handler). A post-authentication attacker with admin credentials can craft a Base64-encoded constraint object sent to /psc/data/constraint, leading to arbitrary code execution on t...

9.1CVSS9.4AI score0.33064EPSS
CVE
CVE
added 2020/08/21 12:37 p.m.126 views

CVE-2020-3976

CVE-2020-3976 affects VMware ESXi and vCenter Server, describing a partial denial-of-service in their authentication services. The public details identify a moderate impact (CVSSv3 base score 5.3) with network access required and low attack complexity, but do not provide exploit specifics in the ...

5.3CVSS5.1AI score0.02117EPSS
CVE
CVE
added 2021/09/23 11:41 a.m.122 views

CVE-2021-22008

CVE-2021-22008 is an information-disclosure flaw in VMware vCenter Server’s VAPI service. With network access to port 443, an attacker can send a crafted json-rpc message to access sensitive data. Public references (NVD/Red Hat/CNVD) describe the vulnerability similarly and cite VMware’s VMSA-202...

7.5CVSS7.3AI score0.01629EPSS
CVE
CVE
added 2020/10/20 4:14 p.m.116 views

CVE-2020-3994

CVE-2020-3994 affects VMware vCenter Server (versions 6.7 before 6.7u3, 6.6 before 6.5u3k). It is a session hijack vulnerability in the vCenter Server Appliance Management Interface (VAMI) update function caused by a lack of certificate validation. An attacker with network position between vCente...

7.4CVSS7.8AI score0.00638EPSS
CVE
CVE
added 2021/09/23 12:12 p.m.112 views

CVE-2021-22016

CVE-2021-22016 affects VMware vCenter Server and involves a reflected cross-site scripting (XSS) vulnerability caused by insufficient input sanitization. An attacker could lure a user to click a crafted link and have malicious scripts run in the victim’s browser. Public details in connected sourc...

6.1CVSS6.5AI score0.0087EPSS
CVE
CVE
added 2021/09/23 11:51 a.m.109 views

CVE-2021-22010

CVE-2021-22010 affects VMware vCenter Server: DoS caused by VPXD memory exhaustion when an attacker with network access to port 443 exploits a vulnerability in VPXD. Affected product scope includes vCenter Server deployments that expose VPXD on 443, leading to degraded service or denial of servic...

7.5CVSS8.2AI score0.01577EPSS
CVE
CVE
added 2021/09/23 12:16 p.m.101 views

CVE-2021-22019

CVE-2021-22019 is a denial-of-service vulnerability in VMware vCenter Server’s VAPI service. A remote attacker can send a crafted jsonrpc message to port 5480 to trigger DoS, impacting availability. Red Hat and NVD describe the same DoS condition; the issue is listed under VMSA-2021-0020 with hig...

7.5CVSS7.7AI score0.01564EPSS
CVE
CVE
added 2021/09/23 11:41 a.m.99 views

CVE-2021-22007

CVE-2021-22007 affects VMware vCenter Server in the Analytics service. An authenticated user with non-administrative privileges can disclose sensitive information via a local information disclosure vulnerability in Analytics. The issue is classified with CVSSv3.1 base score 5.5 (vector: CVSS:3.1/...

5.5CVSS6.9AI score0.00236EPSS
CVE
CVE
added 2016/08/08 1:0 a.m.97 views

CVE-2016-5331

CVE-2016-5331 describes a CRLF/HTTP header injection vulnerability in VMware vCenter Server 6.0 (before U2) and ESXi 6.0. The underlying issue is CRLF injection that allows remote attackers to manipulate HTTP headers and perform HTTP response splitting via unspecified vectors. Impact is stated as...

6.1CVSS6.1AI score0.01906EPSS
Web
CVE
CVE
added 2021/09/23 12:16 p.m.97 views

CVE-2021-22020

CVE-2021-22020 is a denial-of-service vulnerability in the Analytics service of VMware vCenter Server. Exploitation relies on input handling in Analytics, leading to DoS. VMware's VMSA-2021-0020 provides updates/patches; CVSSv3.1 shows MEDIUM (5.5) with LOCAL/low complexity. No exploit details ar...

5.5CVSS7.1AI score0.0022EPSS
CVE
CVE
added 2024/05/21 5:29 p.m.97 views

CVE-2024-22275

CVE-2024-22275 affects VMware vCenter Server and is a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell can exploit it to read arbitrary sensitive data from files, with Confidentiality impact rated High and other impacts not affected....

4.9CVSS6.6AI score0.00986EPSS
CVE
CVE
added 2015/10/12 10:0 a.m.96 views

CVE-2015-1047

VMware products affected by CVE-2015-1047 include vCenter Server (vpxd) 5.0 before u3e, 5.1 before u3, and 5.5 before u2 (DoS via long heartbeat) and ESXi 5.0/5.1/5.5 with OpenSLP OpenSLP OpenSLP double-free in SLPDProcessMessage() leading to remote code execution or denial of service. Patches/up...

5CVSS7.1AI score0.03323EPSS
Total number of security vulnerabilities79