
CVSS: 5.8 | EPSS: 2% | CPEs: 7 | EXPL: 0

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.

References:
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
http://secunia.com/advisories/44002
http://secunia.com/advisories/44076
http://www.mono-project.com/Vulnerabilities
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
https://bugzilla.novell.com/show_bug.cgi?id=667077
https://bugzilla.novell.com/show_bug.cgi?id=678515
https://bugzilla.redhat.com/show_bug.cgi?id=6949

CWE-399: Resource Management Errors

CVSS: 10.0 | EPSS: 88% | CPEs: 3 | EXPL: 0

Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files.

References:
http://secunia.com/advisories/44120
http://securityreason.com/securityalert/8207
http://securitytracker.com/id?1025313
http://www.novell.com/support/viewContent.do?externalId=7007841
http://www.securityfocus.com/archive/1/517425/100/0/threaded
http://www.securityfocus.com/bid/47295
http://www.vupen.com/english/advisories/2011/0917
http://zerodayinitiative.com/advisories/ZDI-11-118
https://exchange.xforce.ibmcloud.com/vulnerabilities/66656

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 37 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems
https://bugzilla.novell.com/show_bug.cgi?id=669909

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 21 | EXPL: 0

The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.

References:
http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 82% | CPEs: 1 | EXPL: 0

Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by default on TCP port 3037. When handling the contents of an XML tag the process blindly copies user-supplied data into a fixed-length buffer on the stack.

References:
http://download.novell.com/Download?buildid=rCAgCcbPH9s~
http://secunia.com/advisories/43975
http://securityreason.com/securityalert/8194
http://www.securityfocus.com/archive/1/517321/100/0/threaded
http://www.securityfocus.com/bid/47144
http://www.securitytracker.com/id?1025292
http://www.vupen.com/english/advisories/2011/0866
http://www.zerodayinitiative.com/advisories/ZDI-11-116
https://exchange.xforce.ibmcloud.com/vulnerabilities/66548
https://oval.cisecurity.org/repository/search/definiti

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer