- Home
- CVEs with nessus.description==The version of VMware Workspace Portal (formerly known as VMware
Horizon Workspace) installed on the remote host is missing package
updates. It is, therefore, affected by the following vulnerabilities
in the Bash shell :
- A command injection vulnerability exists in GNU Bash
known as Shellshock, which is due to the processing of
trailing strings after function definitions in the
values of environment variables. This allows a remote
attacker to execute arbitrary code via environment
variable manipulation depending on the configuration of
the system. By sending a specially crafted request to a
CGI script that passes environment variables, a remote,
unauthenticated attacker can execute arbitrary code on
the host. (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278,
CVE-2014-7169)
- An out-of-bounds memory access error exists due to
improper redirection implementation in the 'parse.y'
source file. A remote attacker can exploit this issue
to cause a denial of service or potentially execute
arbitrary code. (CVE-2014-7186)
- An off-by-one error exists in the 'read_token_word'
function in the 'parse.y' source file. A remote attacker
can exploit this issue to cause a denial of service or
potentially execute arbitrary code. (CVE-2014-7187)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top