EUVD-2011-2208

Malware in sbrugna...

SUSE CVE-2011-2219

Unspecified vulnerability in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service daemon crash via unknown vectors, a different vulnerability than CVE-2011-2218...

Null pointer dereference

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service incorrect pointer dereference via unspecified vectors...

CVE-2012-4912

CVE-2012-4912 describes an XSS vulnerability in the Novell GroupWise WebAccess component. Affected products include GroupWise 8.x prior to 8.0.3 SP, and 2012 versions prior to SP1. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email signature, leading...

CVE-2011-3827

The iCalendar component in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service out-of-bounds read and daemon crash via a crafted date-time string in a .ics attachment...

Integer overflow

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

Cross site scripting

Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter...

CVE-2012-0272

CVE-2012-0272 concerns an XSS vulnerability in the WebAccess component of Novell GroupWise 8.0 prior to Support Pack 3, where an attacker can inject arbitrary script or HTML via the merge parameter. Multiple connected sources (SUSE SUSE CVE page, NVD/NVD entries, Nessus plugin) corroborate the af...

CVE-2011-3827

CVE-2011-3827 affects Novell GroupWise Internet Agent (GWIA) 8.0 prior to Support Pack 3. The iCalendar parsing in gwwww1.dll (NgwiCalTimeProperty::date) may read beyond the string when parsing a date-time, causing an out-of-bounds read and GWIA daemon crash (DoS) via a crafted .ics attachment. R...

CVE-2011-3827

The iCalendar component in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service out-of-bounds read and daemon crash via a crafted date-time string in a .ics attachment...

CVE-2011-2218

Unspecified vulnerability in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service daemon crash via unknown vectors, a different vulnerability than CVE-2011-2219...

Stack overflow

Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file...

Code injection

Unspecified vulnerability in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service daemon crash via unknown vectors, a different vulnerability than CVE-2011-2219...

Code injection

Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...

Integer overflow

Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...

Code injection

Unspecified vulnerability in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service daemon crash via unknown vectors, a different vulnerability than CVE-2011-2218...

CVE-2011-2662

CVE-2011-2662 is a memory corruption/remote code‑execution vulnerability in Novell GroupWise Internet Agent (GWIA) 8.0 prior to HP3. The issue arises when parsing a VCALENDAR RRULE with a negative BYWEEKNO value, triggering a write beyond a heap buffer. This is described across multiple sources (...

CVE-2011-2218

CVE-2011-2218 concerns Novell GroupWise 8.0 clients using the GWIA component. The vulnerability allows remote attackers to cause a denial of service (daemon crash) on affected systems running GroupWise 8.0 before HP3 via unknown vectors. The description does not specify concrete exploit details o...

CVE-2011-2219

Technical details for CVE-2011-2219 are not provided in the connected documents; the available sources describe a DoS vulnerability in GWIA with unknown vectors. Monitor for updates.

CVE-2011-2663

Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...