VMware vCenter Server Appliance (vCSA) 5.0 Update1

CPE Details

VMware vCenter Server Appliance (vCSA) 5.0 Update1
vmware
vcenter_server_appliance
5.0
2019-05-09
17h31 +00:00
2019-05-09
17h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update1:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vcenter_server_appliance

Version

5.0

Update

update1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2014-7169 2014-09-25 01h00 +00:00 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
9.8
Critique
CVE-2014-6271 2014-09-24 18h00 +00:00 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
9.8
Critique
CVE-2014-4258 2014-07-17 08h00 +00:00 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
6.5
CVE-2013-3107 2013-05-01 10h00 +00:00 VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.
4.3
CVE-2012-6326 2013-02-22 20h00 +00:00 VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
7.8
CVE-2012-6324 2012-12-21 21h00 +00:00 Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
4
CVE-2012-6325 2012-12-21 21h00 +00:00 VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
4