Lucene search
K

421 matches found

OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2018:2991-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.0389EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.11 views

SUSE: Security Advisory (SUSE-SU-2018:2779-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.0389EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2018:2779-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.0389EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/02/25 12:0 a.m.994 views

ESXi 6.5 / 6.7 / 7.0 RCE (VMSA-2021-0002)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by a remote code execution vulnerability. OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing...

8.8CVSS9AI score0.45063EPSS
Exploits7References3
Rapid7 Blog
Rapid7 Blog
added 2021/02/24 10:22 p.m.789 views

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

This blog post was co-authored by Bob Rudis and Caitlin Condon. What’s up? On Feb. 23, 2021, VMware published an advisory VMSA-2021-0002 describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. Before digging into the individual vulnerabilities, it is...

10CVSS0.9AI score0.9957EPSS
Exploits54
NVD
NVD
added 2021/02/24 5:15 p.m.32 views

CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

8.8CVSS0.45063EPSS
Exploits7References3
Prion
Prion
added 2021/02/24 5:15 p.m.36 views

Heap overflow

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

5.8CVSS8.8AI score0.45063EPSS
Exploits7References3Affected Software2
Cvelist
Cvelist
added 2021/02/24 4:57 p.m.33 views

CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

9.1AI score0.45063EPSS
Exploits7References3
CVE
CVE
added 2021/02/24 4:57 p.m.802 views

CVE-2021-21974

CVE-2021-21974 is a heap-based overflow in VMware ESXi’s OpenSLP service that can enable remote code execution when an attacker on the same network segment can reach port 427. Affected releases include ESXi 7.x (before ESXi70U1c-17325551), ESXi 6.7 (before 202102401-SG), and ES6.5 (before 2021021...

8.8CVSS8.9AI score0.45063EPSS
In wildExploits7References3Affected Software1
The Hacker News
The Hacker News
added 2021/02/24 7:54 a.m.1837 views

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

VMware has addressed multiple critical remote code execution RCE vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...

10CVSS1AI score0.99999EPSS
Exploits103
CNVD
CNVD
added 2021/02/24 12:0 a.m.13 views

VMware ESXi OpenSLP Heap Overflow Vulnerability

VMware ESXi is VMware's open server resource consolidation platform that enables centralized management of multiple servers with less hardware and improved server performance and security. VMware ESXi OpenSLP Heap Overflow Vulnerability.The VMware ESXi OpenSLP heap overflow vulnerability is...

8.8CVSS8AI score0.45063EPSS
Exploits7References1
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.11 views

威睿 VMware ESXi 缓冲区错误漏洞

VMware ESXi is VMware's open server resource consolidation platform that enables centralized management of multiple servers with less hardware and improved server performance and security. VMware ESXi OpenSLP Heap Overflow Vulnerability.The VMware ESXi OpenSLP heap overflow vulnerability is...

8.8CVSS7.8AI score0.45063EPSS
Exploits7References9
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.159 views

CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

8.8CVSS3.3AI score0.45063EPSS
In wildExploits7References4
Positive Technologies
Positive Technologies
added 2021/02/23 12:0 a.m.4 views

PT-2021-2129

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 6.5 before ESXi650-202102101-SG VMware ESXi versions 6.7 before ESXi670-202102401-SG VMware ESXi versions 7.0 before ESXi70U1c-17325551 Description: VMware ESXi’s OpenSLP service contains a heap-overflow vulnerability. An...

8.8CVSS9.8AI score0.45063EPSS
Exploits7References47
Rapid7 Blog
Rapid7 Blog
added 2020/11/11 12:39 a.m.638 views

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992 and/or CVE-2019-5544, which are remote code execution RCE vulnerabilities in VMware ESXi’s service location protocol SLP service. VMware had issued a patch...

10CVSS0.8AI score0.96823EPSS
Exploits2
ThreatPost
ThreatPost
added 2020/11/04 4:17 p.m.595 views

VMware Issues Updated Fix For Critical ESXi Flaw

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’...

10CVSS0.8AI score0.9927EPSS
Exploits11References7
BDU FSTEC
BDU FSTEC
added 2020/10/29 12:0 a.m.6 views

The vulnerability of the openslp hypervisor package affects VMware ESXi, VMware Workstation, and VMware Fusion, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion relates to reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.1CVSS6.8AI score0.00792EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/10/29 12:0 a.m.6 views

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to execute arbitrary code, cause system failures, or gain unauthorized access to protected information.

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion relates to the use of memory after deallocation. Exploiting this vulnerability can allow an attacker to execute arbitrary code, cause system failures, or gain unauthorized access to protecte...

10CVSS8.1AI score0.83015EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2020/10/20 5:15 p.m.33 views

CVE-2020-3992

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

10CVSS0.83015EPSS
Exploits2References4
Prion
Prion
added 2020/10/20 5:15 p.m.33 views

Design/Logic Flaw

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

10CVSS9.6AI score0.83015EPSS
Exploits2References3Affected Software2
Rows per page
Query Builder