CVE-2015-0786

CRITICAL

Novell Zenworks Configuration Management - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.

References (4)

[Vendor Advisory] https://www.novell.com/support/kb/doc.php?id=7016431

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032166

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74290

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-15-153

Scores

CVSS v3 9.8

EPSS 0.2533

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

novell/zenworks_configuration_management

Timeline

Published Aug 09, 2017

Tracked Since Feb 18, 2026