Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0374
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0374)
Zusammenfassung:	The remote host is missing an update for the 'novnc' package(s) announced via the MGASA-2020-0374 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'novnc' package(s) announced via the MGASA-2020-0374 advisory. Vulnerability Insight: An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635) Affected Software/OS: 'novnc' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18635 https://bugs.launchpad.net/horizon/+bug/1656435 https://github.com/ShielderSec/cve-2017-18635 https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534 https://github.com/novnc/noVNC/issues/748 https://github.com/novnc/noVNC/releases/tag/v0.6.2 https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/ https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html RedHat Security Advisories: RHSA-2020:0754 https://access.redhat.com/errata/RHSA-2020:0754 https://usn.ubuntu.com/4522-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.