CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 3CVE-2011-4191 – Novell Netware - XNFS caller_name xdrDecodeString Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-4191
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets. Desbordamiento de búfer basado en la pila en la función xdrDecodeString en XNFS.NLM en Novell NetWare v6.5 SP8 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (abend o interrupción NFS) a través de paquetes largos. • https://www.exploit-db.com/exploits/18351 https://www.exploit-db.com/exploits/18327 https://www.exploit-db.com/exploits/18328 http://download.novell.com/Download?buildid=Cfw1tDezgbw~ https://bugzilla.novell.com/show_bug.cgi?id=671020 https://bugzilla.novell.com/show_bug.cgi?id=702491 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 88%CPEs: 3EXPL: 3CVE-2010-4228 – Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4228
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. Desbordamiento de búfer basado en pila en NWFTPD.NLM anteriores a v5.10.02 en el servidor FTP en Novell NetWare, permite a usuarios remotos autenticados ejecutar código de su elección o provocar una denegación de servicio (abend) a través de un comando DELE, es una vulnerabilidad distinta que CVE-2010-0625.4 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability. The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user supplied data to a fixed length stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the super user. • https://www.exploit-db.com/exploits/17020 http://secunia.com/advisories/43824 http://securityreason.com/securityalert/8149 http://www.novell.com/support/viewContent.do?externalId=3238588 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25 http://www.securityfocus.com/bid/46922 http://www.zerodayinitiative.com/advisories/ZDI-11-106 https://bugzilla.novell.com/show_bug.cgi?id=641249 https://exchange.xforce.ibmcloud.com/vulnerabilities/66170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 94%CPEs: 8EXPL: 4CVE-2010-4227 – Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4227
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow. La función xdrDecodeString en XNFS.NLM en Novell Netware v6.5 anterior a SP8 permite a atacantes remotos provocar una denegación de servicio o ejecutar código arbitrario a través de un valor firmado manipulado en una peticion RPC NFS para el puerto UDP 1234, dando lugar a un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC request the xdrDecodeString function uses a user supplied length value to null terminate a string. • https://www.exploit-db.com/exploits/16234 http://download.novell.com/Download?buildid=1z3z-OsVCiE~ http://secunia.com/advisories/43431 http://securityreason.com/securityalert/8104 http://www.exploit-db.com/exploits/16234 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24 http://www.securityfocus.com/archive/1/516645/100/0/threaded http://www.securityfocus.com/bid/46535 http://www.securitytracker.com/id?1025119 http://www.vupen.com/english& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 45%CPEs: 20EXPL: 4CVE-2010-2351 – Netware - SMB Remote Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-2351
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. Desbordamiento de búfer basado en pila en el controlador CIFS.NLM de Netware SMB v1.0 de Novell Netware v6.5 SP8 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de un paquete Sessions Setup AndX con un AccountName extenso. • https://www.exploit-db.com/exploits/13906 http://download.novell.com/Download?buildid=tMWCI1cdI7s~ http://secunia.com/advisories/40199 http://www.exploit-db.com/exploits/13906 http://www.securityfocus.com/bid/40908 http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow http://www.vupen.com/english/advisories/2010/1514 https://exchange.xforce.ibmcloud.com/vulnerabilities/59501 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •