CVSS: 10.0EPSS: 2%CPEs: 25EXPL: 0CVE-2011-4185
https://notcve.org/view.php?id=CVE-2011-4185
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436. El método GetPrinterURLList2 en el control ActiveX del cliente de Novell iPrint Client anteriores a v5.78 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2008-2431 y CVE-2008-2436. • http://www.novell.com/support/viewContent.do?externalId=7008708 http://www.novell.com/support/viewContent.do?externalId=7010144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 25EXPL: 0CVE-2011-4186 – Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4186
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705. Una vulnerabilidad de desbordamiento de pila basado en búfer en nipplib.dll en el cliente de Novell iPrint antes de v5.78 bajo Windows permite a atacantes remotos ejecutar código de su elección a través de un parámetro client-file-name (nombre de archivo cliente) en una URL de impresora. Se trata de una vulnerabilidad diferente a CVE-2011-1705. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins as well as the Microsoft Windows spooler service. • http://www.novell.com/support/viewContent.do?externalId=7008708 http://www.novell.com/support/viewContent.do?externalId=7010145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 93%CPEs: 5EXPL: 0CVE-2011-4194 – Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4194
Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field. Desbordamiento de buffer en Novell iPrint Server de Novell Open Enterprise Server 2 (OES2) hasta la versión SP3 de Linux permite a atacantes remotos ejecutar código arbitrario a través de un campo attributes-natural-language modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp apache module component of the iprint-server, which listens by default on 631/tcp. During the handling of get-printer-attributes requests containing a attributes-natural-language attribute cause a validation routine to be hit. • http://www.novell.com/support/viewContent.do?externalId=7010084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4914
https://notcve.org/view.php?id=CVE-2011-4914
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. La implementación del protocolo ROSE en el kernel de Linux anteriores a v2.6.39 no verifica que algunos valores de la longitud de datos son consistentes con la cantidad de datos enviada, lo que podría permitir a atacantes remotos a obtener información sensible de la memoria del kernel o provocar una denegación de servicio (lectura fuera de los límites) a través de una cadena de datos manipulada sobre un socket ROSE. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/12/28/2 https://bugzilla.redhat.com/show_bug.cgi?id=770777 https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2011-1710
https://notcve.org/view.php?id=CVE-2011-1710
Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. Múltiples desbordamientos de entero en el servidor HTTP en el framework Novell XTier v3.1.8 permite a atacantes remotos provocar una denegación de servicio (caída del servicio) o posiblemente ejecutar código de su elección a través de la longitud de las variables de cabecera modificadas. • http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html http://support.novell.com/security/cve/CVE-2011-1710.html https://bugzilla.novell.com/585440 • CWE-189: Numeric Errors •