Silentsignal

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.9 Apple Remote Desktop versions prior to 3.5.4 **Description** The issue allows remote attackers to execute arbitrary code via format string specifiers in a VNC `username`. This can be exploited by including format string specifiers in the `username` variable. **Recommendations** For Apple Mac OS X versions prior to 10.9, update to version 10.9 or later. For Apple Remote Desktop versions prior to 3.5.4, update to version 3.5.4 or later. As a temporary workaround, consider restricting access to the VNC server until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Novell ZENworks Configuration Manager versions 10.3.1 through 11.0 and earlier versions **Description** The issue is related to a heap-based buffer overflow in the novell-tftp.exe component, allowing remote attackers to execute arbitrary code via a long TFTP request. **Recommendations** For versions 10.3.1 through 11.0 and earlier versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 7.51 through 7.53 **Description** The issue is related to a stack-based buffer overflow in the ovutil.dll component. This allows remote attackers to execute arbitrary code by providing a long `COOKIE` variable. **Recommendations** For HP OpenView Network Node Manager versions 7.51 through 7.53, consider restricting access to the ovutil.dll component until a patch is available. Avoid using long `COOKIE` variables in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.