Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105133
Kategorie:VMware Local Security Checks
Titel:VMware ESXi product updates address security vulnerabilities (VMSA-2014-0012)
Zusammenfassung:VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation; issue and security vulnerabilities in third-party libraries.
Beschreibung:Summary:
VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation
issue and security vulnerabilities in third-party libraries.

Vulnerability Insight:
a. VMware vCSA cross-site scripting vulnerability
VMware vCenter Server Appliance (vCSA) contains a vulnerability that may
allow for Cross Site Scripting. Exploitation of this vulnerability in
vCenter Server requires tricking a user to click on a malicious link or
to open a malicious web page while they are logged in into vCenter.

b. vCenter Server certificate validation issue
vCenter Server does not properly validate the presented certificate
when establishing a connection to a CIM Server residing on an ESXi
host. This may allow for a Man-in-the-middle attack against the CIM
service.

c. Update to ESXi libxml2 package
libxml2 is updated to address multiple security issues.

d. Update to ESXi Curl package
Curl is updated to address multiple security issues.

e. Update to ESXi Python package
Python is updated to address multiple security issues.

f. vCenter and Update Manager, Oracle JRE 1.6 Update 81

Oracle has documented the CVE identifiers that are addressed in JRE
1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014.

Affected Software/OS:
VMware ESXi 5.1 without patch ESXi510-201412101-SG.

Solution:
Apply the missing patch(es).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3797
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/23
Common Vulnerability Exposure (CVE) ID: CVE-2014-8371
Common Vulnerability Exposure (CVE) ID: CVE-2013-2877
BugTraq ID: 61050
http://www.securityfocus.com/bid/61050
Debian Security Information: DSA-2724 (Google Search)
http://www.debian.org/security/2013/dsa-2724
Debian Security Information: DSA-2779 (Google Search)
http://www.debian.org/security/2013/dsa-2779
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:1221 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
SuSE Security Announcement: openSUSE-SU-2013:1246 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
Common Vulnerability Exposure (CVE) ID: CVE-2014-0191
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
BugTraq ID: 67233
http://www.securityfocus.com/bid/67233
RedHat Security Advisories: RHSA-2015:0749
http://rhn.redhat.com/errata/RHSA-2015-0749.html
SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
XForce ISS Database: libxml2-cve20140191-dos(93092)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93092
Common Vulnerability Exposure (CVE) ID: CVE-2014-0015
http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
BugTraq ID: 65270
http://www.securityfocus.com/bid/65270
Debian Security Information: DSA-2849 (Google Search)
http://www.debian.org/security/2014/dsa-2849
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html
http://www.securitytracker.com/id/1029710
http://secunia.com/advisories/56728
http://secunia.com/advisories/56731
http://secunia.com/advisories/56734
http://secunia.com/advisories/56912
http://secunia.com/advisories/59458
http://secunia.com/advisories/59475
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.502652
SuSE Security Announcement: openSUSE-SU-2014:0274 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html
http://www.ubuntu.com/usn/USN-2097-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0138
Debian Security Information: DSA-2902 (Google Search)
http://www.debian.org/security/2014/dsa-2902
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/58615
SuSE Security Announcement: openSUSE-SU-2014:0530 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://www.ubuntu.com/usn/USN-2167-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1752
https://www.openwall.com/lists/oss-security/2013/12/27/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-4238
Debian Security Information: DSA-2880 (Google Search)
http://www.debian.org/security/2014/dsa-2880
RedHat Security Advisories: RHSA-2013:1582
http://rhn.redhat.com/errata/RHSA-2013-1582.html
SuSE Security Announcement: openSUSE-SU-2013:1437 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html
SuSE Security Announcement: openSUSE-SU-2013:1438 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html
SuSE Security Announcement: openSUSE-SU-2013:1439 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html
SuSE Security Announcement: openSUSE-SU-2013:1440 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html
SuSE Security Announcement: openSUSE-SU-2013:1462 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html
SuSE Security Announcement: openSUSE-SU-2013:1463 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1982-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.