CVE-2013-1379 – flash-plugin: multiple code execution flaws (APSB13-11)
https://notcve.org/view.php?id=CVE-2013-1379
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
• http://marc.info/?l=bugtraq&m=139455789818399&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0730.html
• http://www.adobe.com/support/security/bulletins/apsb13-11.html
• https://access.redhat.com/security/cve/CVE-2013-1379
• https://bugzilla.redhat.com/show_bug.cgi?id=950180
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2770
https://notcve.org/view.php?id=CVE-2013-2770
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
• http://www.novell.com/support/kb/doc.php?id=7011965
• CWE-20: Improper Input Validation
CVE-2013-1083
https://notcve.org/view.php?id=CVE-2013-1083
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors.
• http://download.novell.com/Download?buildid=nbGXg-msbmw~
• https://bugzilla.novell.com/show_bug.cgi?id=807193
CVE-2012-6534 – Novell Sentinel Log Manager 1.2.0.2 - Retention Policy
https://notcve.org/view.php?id=CVE-2012-6534
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
• https://www.exploit-db.com/exploits/21744
• http://seclists.org/fulldisclosure/2012/Oct/25
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5150932.html
• https://bugzilla.novell.com/show_bug.cgi?id=771634
• https://www.netiq.com/documentation/novelllogmanager12/readme/data/log_manager1203_readme.html
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1082 – Novell ZENworks Mobile Management DUSAP.php Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1082
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Mobile Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within DUSAP.php, which receives a 'language' variable that is later used to include arbitrary resources from the local filesystem via require_once(). A remote attacker can abuse this to execute code remotely in the context of the running process.
• http://www.novell.com/support/kb/doc.php?id=7011896
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')