VYPR
Vendor

Openslp

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2016-7567CriJan 23, 2017
    risk 0.68cvss 9.8epss 0.12

    Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.

  • CVE-2017-17833CriApr 23, 2018
    risk 0.64cvss 9.8epss 0.04

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

  • CVE-2021-21974HigFeb 24, 2021
    risk 0.62cvss 8.8epss 0.45

    OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the…

  • CVE-2015-5177HigOct 22, 2017
    risk 0.49cvss 7.5epss 0.06

    Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

  • CVE-2016-4912HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.05

    The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

  • CVE-2020-3992KEVOct 20, 2020
    risk 0.25cvss epss 0.83

    OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to…

  • CVE-2010-3609Mar 11, 2011
    risk 0.04cvss epss 0.17

    The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a…

  • CVE-2005-0769May 2, 2005
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.

  • CVE-2003-0875Nov 17, 2003
    risk 0.00cvss epss 0.00

    Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.