123 matches found
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
AZL-36968 CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
AZL-7321 CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
CVE-2019-5544
CVE-2019-5544 refers to a heap-based buffer overflow in OpenSLP used by VMware ESXi and Horizon DaaS, triggered by processing URLs in service requests to port 427. The root cause is improper bounds checking in the OpenSLP slpd service (ProcessSrvRqst), enabling remote code execution via a crafted...
UBUNTU-CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...
VMware Releases Security Updates for ESXi and Horizon DaaS
VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security...
OpenSLP CVE-2019-5544 Heap Memory Corruption Vulnerability
Description OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.2.1 and 2.0.0 are vulnerable; other versions may also be affected...
VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability (CVE-2019-5544)
1. Impacted Products VMware ESXi VMware Horizon DaaS 2. Introduction A vulnerability in OpenSLP was privately reported to VMware. Patches and workarounds are available to address this vulnerability in affected VMware products. 3. VMware ESXi and Horizon DaaS updates address OpenSLP remote code...
VMSA-2019-0022:VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability
VMware Security Advisories Advisory ID| VMSA-2019-0022.1 ---|--- Advisory Severity| Critical CVSSv3 Range| 9.8 Synopsis| VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability CVE-2019-5544 Issue Date| 2019-12-05 Updated On| 2020-05-08 CVEs| CVE-2019-5544 1...
How to use GPMC to manage Citrix Policies (GPOs) for your DaaS environment
This article describes the required steps to be able to correctly setup and configure the management of Citrix Policies using Microsoft's Group Policy Management Console gpmc from a machine other than a Citrix Delivery Controller DDC...
Authentication flaw
VMware Horizon DaaS 7.x before 8.0.0 contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS...
CVE-2018-6960
VMware Horizon DaaS 7.x before 8.0.0 contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS...
CVE-2018-6960
VMware Horizon DaaS 7.x before 8.0.0 contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS...
CVE-2018-6960
VMware Horizon DaaS (7.x before 8.0.0) is affected by a broken authentication vulnerability that may allow bypass of two-factor authentication when an attacker has a legitimate Horizon DaaS account. The issue is addressed by VMware in VMSA-2018-0010; remediation is to apply the Horizon DaaS updat...
CVE-2018-6960
VMware Horizon DaaS 7.x before 8.0.0 contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS...
Horizon DaaS update addresses a broken authentication issue
VMware Horizon DaaS Broken authentication issue in Horizon DaaS Horizon DaaS contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware woul...
CVE-2017-4897
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this...
Input validation
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this...