- EPSS 100%
- Veröffentlicht 26.05.2021 15:15:07
- Zuletzt bearbeitet 30.10.2025 20:05:29
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exp...
- EPSS 12.92%
- Veröffentlicht 26.05.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:49:22
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network acce...
CVE-2021-21975
- EPSS 78.29%
- Veröffentlicht 31.03.2021 18:15:14
- Zuletzt bearbeitet 30.10.2025 20:06:02
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrati...
CVE-2021-21983
- EPSS 68.56%
- Veröffentlicht 31.03.2021 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:49:22
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the un...
CVE-2021-21974
- EPSS 45.06%
- Veröffentlicht 24.02.2021 17:15:16
- Zuletzt bearbeitet 02.06.2026 21:16:24
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427...
- EPSS 99.57%
- Veröffentlicht 24.02.2021 17:15:15
- Zuletzt bearbeitet 30.10.2025 20:06:27
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operatin...
CVE-2021-21973
- EPSS 88.01%
- Veröffentlicht 24.02.2021 17:15:15
- Zuletzt bearbeitet 30.10.2025 20:06:18
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request ...
CVE-2020-4006
- EPSS 23.77%
- Veröffentlicht 23.11.2020 22:15:12
- Zuletzt bearbeitet 30.10.2025 20:07:02
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
CVE-2020-4004
- EPSS 0.39%
- Veröffentlicht 20.11.2020 20:15:13
- Zuletzt bearbeitet 31.10.2025 11:44:38
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A maliciou...
CVE-2020-4005
- EPSS 0.38%
- Veröffentlicht 20.11.2020 20:15:13
- Zuletzt bearbeitet 31.10.2025 11:44:38
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileg...