» 2021 » 9월

CVE-2021-22941

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22941

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Source: CVE-2021-22941

CVE-2021-22945

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22945

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Source: CVE-2021-22945

CVE-2021-22015

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22015

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

Source: CVE-2021-22015

CVE-2021-22012

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Source: CVE-2021-22012

CVE-2021-22013

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Source: CVE-2021-22013

CVE-2021-22014

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.

Source: CVE-2021-22014

CVE-2021-22010

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22010

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

Source: CVE-2021-22010

CVE-2021-22011

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22011

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

Source: CVE-2021-22011

CVE-2021-22008

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

Source: CVE-2021-22008

CVE-2021-22009

Posted on 2021년 9월 23일2021년 9월 23일 by admin

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

Source: CVE-2021-22009