CVSS: 10.0EPSS: 9%CPEs: 19EXPL: 0CVE-2014-0610
https://notcve.org/view.php?id=CVE-2014-0610
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. El cliente en Novell GroupWise anterior a 8.0.3 HP4, 2012 anterior a SP3, y 2014 anterior a SP1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero inválido) a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7015565 http://www.securitytracker.com/id/1030802 https://bugzilla.novell.com/show_bug.cgi?id=874533 https://exchange.xforce.ibmcloud.com/vulnerabilities/95738 •
CVSS: 7.8EPSS: 65%CPEs: 1EXPL: 0CVE-2014-0600 – Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0600
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. FileUploadServlet en el servicio de administración en Novell GroupWise 2014 anterior a SP1 permite a atacantes remotos leer o escribir ficheros arbitrarios a través del parámetro poLibMaintenanceFileSave, también conocido como ZDI-CAN-2287. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the poLibMaintenanceFileSave parameter within the FileUploadServlet. By abusing this flaw an attacker can disclose and destroy arbitrary files on the server and possibly leverage this information to achieve remote code execution in a subsequent attack. • http://www.novell.com/support/kb/doc.php?id=7015566 http://www.securitytracker.com/id/1030801 http://www.zerodayinitiative.com/advisories/ZDI-14-296 https://bugzilla.novell.com/show_bug.cgi?id=879192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0609
https://notcve.org/view.php?id=CVE-2014-0609
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. Vulnerabilidad no especificada en Novell Open Enterprise Server (OES) 11 SP1 anterior a Scheduled Maintenance Update 9415 y 11 SP2 anterior a Scheduled Maintenance Update 9413 para Linux tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/59982 http://www.novell.com/support/kb/doc.php?id=7010867 http://www.novell.com/support/kb/doc.php?id=7014420 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 3CVE-2013-4357
https://notcve.org/view.php?id=CVE-2013-4357
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. El paquete eglibc versiones anteriores a la versión 2.14, manejó incorrectamente la función getaddrinfo(). Un atacante podría usar este problema para causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4 http://www.openwall.com/lists/oss-security/2013/09/17/8 http://www.openwall.com/lists/oss-security/2015/01/28/18 http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.openwall.com/lists/oss-security/2015/02/24/3 http://www.securityfocus.com/bid/67992 http://www.ubuntu.com/usn/USN-2306-1 http://www.u • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0598
https://notcve.org/view.php?id=CVE-2014-0598
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. Vulnerabilidad de salto de directorio en iPrint en Novell Open Enterprise Server (OES) 11 SP1 anterior a la actualización de mantenimiento (Maintenance Update) 9151 en Linux tiene impacto y vectores remotos de ataque no especificados. • http://secunia.com/advisories/59113 http://www.securityfocus.com/bid/68066 https://bugzilla.novell.com/show_bug.cgi?id=869970 https://www.novell.com/support/kb/doc.php?id=7010867 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •