CVE Daily
← All tags

Tag: VMware Photon

All CVEs associated with "VMware Photon". Page 1/1 • 12 CVEs.

About “VMware Photon”

A curated feed of “VMware Photon”-related CVEs appears below. We currently track 12 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.2 (all time), and 25% are rated High/Critical (all time). Top CWEs (all time): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-306 - Missing Authentication for Critical Function, CWE-94 - Improper Control of Generation of Code ('Code Injection').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: photon

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
5.0--
4.0-
3.0- Expired
2.0- Expired
1.0- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “VMware Photon”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-11-14
Critical

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cl…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2023-10-21
High

CVE-2023-46055

An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage"…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-04-06
Medium

CVE-2023-24374

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-02-14
Medium

CVE-2023-24382

Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.

CVSS: 5.4 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2022-04-11
Medium

CVE-2021-22055

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

CVSS: 5.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2021-03-31
Medium

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager A…

CVSS: 6.5 CWE: N/A View on NVD
2015-09-20
Medium

CVE-2015-5637

The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.

CVSS: 6.8 CWE: CWE-264 View on NVD
2013-07-12
Medium

CVE-2013-2688

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possi…

CVSS: 5.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-02-09
Medium

CVE-2006-0619

Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2)…

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2004-08-26
High

CVE-2004-1681

Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) comm…

CVSS: 7.2 CWE: N/A View on NVD
2002-12-31
Low

CVE-2002-2409

Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name…

CVSS: 3.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2000-12-19
Medium

CVE-2000-0904

Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that informat…

CVSS: 5.0 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox