CVE-2012-2215 – Novell ZENworks Configuration Management Preboot Service Remote File Access
https://notcve.org/view.php?id=CVE-2012-2215
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=975
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74189
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-3175 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3175
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
• https://www.exploit-db.com/exploits/19959
• https://www.exploit-db.com/exploits/19958
• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.exploit-db.com/exploits/19958
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3176 – Novell ZENworks Configuration Management Preboot Service - 0x4c Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-3176
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
• https://www.exploit-db.com/exploits/19959
• https://www.exploit-db.com/exploits/19958
• http://download.novell.com/Download?buildid=rs4B5jhWKf8~
• http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
• http://www.exploit-db.com/exploits/19959
• http://www.novell.com/support/viewContent.do?externalId=7010044
• http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4188
https://notcve.org/view.php?id=CVE-2011-4188
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929.
• http://secunia.com/advisories/48672
• http://www.novell.com/support/viewContent.do?externalId=7002971
• http://www.securitytracker.com/id?1026894
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74669
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4189 – Novell GroupWise - Address Book Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-4189
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. Novell GroupWise Address Book suffers from a remote code execution vulnerability.
• https://www.exploit-db.com/exploits/18546
• http://osvdb.org/79720
• http://secunia.com/advisories/48199
• http://www.novell.com/support/viewContent.do?externalId=7010205
• http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=37&Itemid=37
• http://www.securityfocus.com/bid/52233
• http://www.securitytracker.com/id?1026753
• https://bugzilla.novell.com/show_bug.cgi?id=733885
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73588
• CWE-94: Improper Control of Generation of Code ('Code Injection')