Multiple vulnerabilities have been discovered within VMware Aria Operations for Networks, the most severe of which could allow for remote code execution. VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes metrics, APIs, configurations, metadata, integrations, telemetry netflow, sFlow, and IPFIX flow traffic, which traverses the infrastructure. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
It was discovered that elfutils incorrectly handled certain malformed
files. If a user or automated system were tricked into processing a
specially crafted file, elfutils could be made to crash or consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310,
CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150,
CVE-2019-7665)
It was discovered that elfutils incorrectly handled bounds checks in
certain functions when processing malformed files. If a user or automated
system were tricked into processing a specially crafted file, elfutils
could be made to crash or consume resources, resulting in a denial of
service. (CVE-2020-21047, CVE-2021-33294)
