CVSS: 10.0EPSS: 72%CPEs: 3EXPL: 0CVE-2011-2662
https://notcve.org/view.php?id=CVE-2011-2662
Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message. Error de signo de entero en el GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anterior a HP3 permite a atacantes remotos ejecutar código arbitrario a través de una propiedad BYWEEKNO negativa en una variable RRULE semanal en un archivo adjunto VCALENDAR en un mensaje electrónico. • http://www.novell.com/support/viewContent.do?externalId=7009215 https://bugzilla.novell.com/show_bug.cgi?id=707527 https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 66%CPEs: 3EXPL: 0CVE-2011-2663
https://notcve.org/view.php?id=CVE-2011-2663
Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message. Error en el indice del array en GroupWise Internet Agent (GWIA) en Novell GroupWise 8.0 anterior a HP3 permite a atacantes remotos ejecutar código arbitrario a través de una variable RRULE anual manipulada en un adjunto VCALENDAR en un mensaje de e-mail. • http://www.novell.com/support/viewContent.do?externalId=7009216 http://www.securityfocus.com/archive/1/519875/100/0/threaded https://bugzilla.novell.com/show_bug.cgi?id=705917 https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 72%CPEs: 3EXPL: 0CVE-2011-0334
https://notcve.org/view.php?id=CVE-2011-0334
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file. Desbordamiento de búfer basado en pila en gwia.exe en GroupWise Internet Agent (GWIA) en Novell GroupWise v8.0 anteriores a vHP3, permite a atacantes remotos ejecutar código de su elección a través de una respuesta HTTP larga para un fichero .css. • http://secunia.com/secunia_research/2011-67 http://www.novell.com/support/viewContent.do?externalId=7009210 https://bugzilla.novell.com/show_bug.cgi?id=678939 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 66%CPEs: 3EXPL: 0CVE-2011-0333
https://notcve.org/view.php?id=CVE-2011-0333
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error." Desbordamiento de búfer basado en memoria dinámica en la función NgwiCalVTimeZoneBody::ParseSelf de gwwww1.dll de GroupWise Internet Agent (GWIA) de Novell GroupWise 8.0 anterior a HP3 permite a atacantes remotos ejecutar código de su elección a través de la variable TZNAME manipulada en un adjunto VCALENDAR en un mensaje de correo electrónico. Está relacionado con un "error de truncado de entero". • http://secunia.com/secunia_research/2011-66 http://www.novell.com/support/viewContent.do?externalId=7009208 https://bugzilla.novell.com/show_bug.cgi?id=678715 https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 34%CPEs: 3EXPL: 0CVE-2011-2654 – Novell Cloud Manager Insufficient Framework User Validation Vulnerability
https://notcve.org/view.php?id=CVE-2011-2654
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. La implementación de RPC en el servidor de Novell Cloud Manager v1.1.2 anterior a la revisión 3 no inicializa correctamente los objetos, que permite a atacantes remotos ejecutar código arbitrario mediante llamadas RPC que aprovechan los privilegios incorrectos asociados con una sesión parcialmente inicializado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. • http://download.novell.com/Download?buildid=NSONlV5PqMo~ http://secunia.com/advisories/45845 http://www.securityfocus.com/bid/49432 http://www.securitytracker.com/id?1026006 http://zerodayinitiative.com/advisories/ZDI-11-278 • CWE-20: Improper Input Validation •