7 matches found
VMware vCenter Server Patch Reissue
VMware on Saturday reissued a patch from October that incompletely addressed a critically rated remote code execution vulnerability in vCenter Server. The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowe...
VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)
The remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute...
CVE-2015-2342
CVE-2015-2342 concerns the JMX RMI service in VMware vCenter Server. Multiple sources (NVD, SUSE, CNVD, CIRCL) describe that vCenter Server versions 5.0 (before u3e), 5.1 (before u3b), 5.5 (before u3), and 6.0 (before u1) expose an overly permissive JMX RMI endpoint that does not restrict MBean r...
VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007) - Remote Version Check
VMware ESXi updates address critical security issues. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007)
VMware vCenter and ESXi updates address critical security issues. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007)
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities : - A flaw exists in the vpxd service due to improper sanitization of long heartbeat messages. An unauthenticated, remote attacker can exploit this to cause a denial of service. CVE-2015-1047 - A...
CVE-2015-2342
creationtimestamp| type| source ---|---|--- 2015-02-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36101 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/javajmxserver.rb 2018-12-19 19:19:52+00:00| seen|...