ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0374
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0374)
Resumen:	The remote host is missing an update for the 'novnc' package(s) announced via the MGASA-2020-0374 advisory.
Descripción:	Summary: The remote host is missing an update for the 'novnc' package(s) announced via the MGASA-2020-0374 advisory. Vulnerability Insight: An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635) Affected Software/OS: 'novnc' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18635 https://bugs.launchpad.net/horizon/+bug/1656435 https://github.com/ShielderSec/cve-2017-18635 https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534 https://github.com/novnc/noVNC/issues/748 https://github.com/novnc/noVNC/releases/tag/v0.6.2 https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/ https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html RedHat Security Advisories: RHSA-2020:0754 https://access.redhat.com/errata/RHSA-2020:0754 https://usn.ubuntu.com/4522-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.