421 matches found
CVE-2020-3992
OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...
CVE-2020-3992
CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....
CVE-2020-3992
OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...
VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)
3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...
CVE-2020-3992 — ESXi OpenSLP remote code execution vulnerability
OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...
PT-2020-4398 · Vmware · Vmware Esxi
Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804 VMware ESXi versions 6.7 before ESXi670-202010401-SG VMware ESXi versions 6.5 before ESXi650-202010401-SG Description: The issue is related to a use-after-free problem in the OpenSLP...
The vulnerability of the openslp hypervisor in the VMware ESXi platform for Horizon DaaS allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the openslp package on the VMware ESXi platform’s Horizon DaaS virtual machine relates to buffer out-of-buffer writing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
EulerOS 2.0 SP2 : openslp (EulerOS-SA-2020-1655)
According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...
Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1655)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202005-12 : OpenSLP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202005-12 OpenSLP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for detail...
OpenSLP: Multiple vulnerabilities
Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
NewStart CGSL MAIN 4.05 : openslp Vulnerability (NS-SA-2020-0015)
The remote NewStart CGSL host, running version MAIN 4.05, has openslp packages installed that are affected by a vulnerability: - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range...
Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1418)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : openslp (EulerOS-SA-2020-1418)
According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...
VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)
A heap buffer overflow vulnerability exists in OpenSLP. The vulnerability is due to improperly checking the bounds of a buffer before copying data to it. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to OpenSLP service on port 427...
Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1120)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : openslp (EulerOS-SA-2020-1120)
According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...
MGASA-2020-0075 Updated openslp packages fix security vulnerability
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...
Updated openslp packages fix security vulnerability
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...
CentOS 6 : openslp (RHSA-2020:0199)
The remote CentOS Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0199 advisory. - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical...