Lucene search
K

421 matches found

Vulnrichment
Vulnrichment
added 2020/10/20 4:11 p.m.12 views

CVE-2020-3992

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

9.7AI score0.83015EPSS
Exploits2References3
CVE
CVE
added 2020/10/20 4:11 p.m.1326 views

CVE-2020-3992

CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....

10CVSS9.5AI score0.83015EPSS
In wildExploits2References4Affected Software2
Cvelist
Cvelist
added 2020/10/20 4:11 p.m.44 views

CVE-2020-3992

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

9.7AI score0.83015EPSS
Exploits2References3
VMware
VMware
added 2020/10/20 12:0 a.m.113 views

VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)

3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...

10CVSS7.8AI score0.83015EPSS
Exploits2References31Affected Software8
ATTACKERKB
ATTACKERKB
added 2020/10/20 12:0 a.m.1309 views

CVE-2020-3992 — ESXi OpenSLP remote code execution vulnerability

OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...

10CVSS10AI score0.96823EPSS
In wildExploits2References4
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.4 views

PT-2020-4398 · Vmware · Vmware Esxi

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804 VMware ESXi versions 6.7 before ESXi670-202010401-SG VMware ESXi versions 6.5 before ESXi650-202010401-SG Description: The issue is related to a use-after-free problem in the OpenSLP...

10CVSS9.3AI score0.96823EPSS
Exploits2References31
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.7 views

The vulnerability of the openslp hypervisor in the VMware ESXi platform for Horizon DaaS allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the openslp package on the VMware ESXi platform’s Horizon DaaS virtual machine relates to buffer out-of-buffer writing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS8AI score0.96823EPSS
Exploits1References5Affected Software5
Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.49 views

EulerOS 2.0 SP2 : openslp (EulerOS-SA-2020-1655)

According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...

9.8CVSS8.1AI score0.96823EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/06/16 12:0 a.m.48 views

Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1655)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.96823EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/05/15 12:0 a.m.54 views

GLSA-202005-12 : OpenSLP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202005-12 OpenSLP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for detail...

9.8CVSS7.8AI score0.96823EPSS
Exploits1References3
Gentoo Linux
Gentoo Linux
added 2020/05/14 12:0 a.m.43 views

OpenSLP: Multiple vulnerabilities

Background OpenSLP is an open-source implementation of Service Location Protocol SLP. Description Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

9.8CVSS2.9AI score0.96823EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/04/21 12:0 a.m.51 views

NewStart CGSL MAIN 4.05 : openslp Vulnerability (NS-SA-2020-0015)

The remote NewStart CGSL host, running version MAIN 4.05, has openslp packages installed that are affected by a vulnerability: - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range...

9.8CVSS8.1AI score0.96823EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/04/16 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1418)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.96823EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/04/15 12:0 a.m.50 views

EulerOS 2.0 SP3 : openslp (EulerOS-SA-2020-1418)

According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...

9.8CVSS8.1AI score0.96823EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2020/02/26 12:0 a.m.19 views

VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)

A heap buffer overflow vulnerability exists in OpenSLP. The vulnerability is due to improperly checking the bounds of a buffer before copying data to it. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to OpenSLP service on port 427...

7.5CVSS3.6AI score0.96823EPSS
Exploits8
OpenVAS
OpenVAS
added 2020/02/24 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for openslp (EulerOS-SA-2020-1120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.96823EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/02/24 12:0 a.m.30 views

EulerOS 2.0 SP5 : openslp (EulerOS-SA-2020-1120)

According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...

9.8CVSS8.1AI score0.96823EPSS
Exploits1References2
OSV
OSV
added 2020/02/09 7:13 p.m.13 views

MGASA-2020-0075 Updated openslp packages fix security vulnerability

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...

9.8CVSS9.7AI score0.96823EPSS
Exploits1References3
Mageia
Mageia
added 2020/02/09 7:13 p.m.48 views

Updated openslp packages fix security vulnerability

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause...

9.8CVSS3.2AI score0.96823EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.50 views

CentOS 6 : openslp (RHSA-2020:0199)

The remote CentOS Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0199 advisory. - OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical...

9.8CVSS8AI score0.96823EPSS
Exploits1References2
Rows per page
Query Builder