|
201951
|
5.5 |
MEDIUM
Local
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sen…
|
NVD-CWE-noinfo
|
CVE-2021-22007
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201952
|
7.5 |
HIGH
Network
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issu…
|
NVD-CWE-noinfo
|
CVE-2021-22006
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201953
|
9.8 |
CRITICAL
Network
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code…
|
CWE-22
Path Traversal
|
CVE-2021-22005
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201954
|
6.5 |
MEDIUM
Network
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-21993
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201955
|
6.5 |
MEDIUM
Network
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or…
|
NVD-CWE-noinfo
|
CVE-2021-21992
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201956
|
7.8 |
HIGH
Local
|
vmware
|
vcenter_server
cloud_foundation
|
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may explo…
|
NVD-CWE-noinfo
|
CVE-2021-21991
|
2024-11-21 14:49 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201957
|
8.8 |
HIGH
Network
|
elastic
|
enterprise_search
|
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated att…
|
CWE-862
Missing Authorization
|
CVE-2021-22149
|
2024-11-21 14:49 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201958
|
8.8 |
HIGH
Network
|
elastic
|
enterprise_search
|
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user ga…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-22148
|
2024-11-21 14:49 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201959
|
6.5 |
MEDIUM
Network
|
elastic
|
elasticsearch
|
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized …
|
CWE-862
Missing Authorization
|
CVE-2021-22147
|
2024-11-21 14:49 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201960
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.
|
CWE-863
Incorrect Authorization
|
CVE-2021-22239
|
2024-11-21 14:49 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
