Vulnerabilities > Noviflow > Noviware > 400.2.6

DATE CVE VULNERABILITY TITLE RISK
2017-08-22 CVE-2017-12787 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied.
network
low complexity
noviflow CWE-119
critical
 9.8
9.8
2017-08-22 CVE-2017-12786 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied.
network
low complexity
noviflow CWE-119
critical
 9.8
9.8
2017-08-22 CVE-2017-12785 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command.
network
low complexity
noviflow CWE-119
critical
 9.8
9.8