MidnightBSD

Advisories for xinuos

CVE-2004-0230 MEDIUM

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle solaris 10
juniper junos 12.1x44
oracle solaris 11
juniper junos 11.4x27
netbsd netbsd 1.6.2
juniper junos 12.3
juniper junos 12.2
juniper junos 13.3
netbsd netbsd 1.5.3
microsoft windows_xp -
netbsd netbsd 1.6.1
juniper junos 12.1x47
microsoft windows_server_2003 -
juniper junos 12.1x45
juniper junos 13.2
xinuos unixware 7.1.1
netbsd netbsd 1.6
netbsd netbsd 2.0
openpgp openpgp 2.6.2
xinuos unixware 7.1.3
juniper junos 12.1
microsoft windows_98 -
netbsd netbsd 1.5
netbsd netbsd 1.5.2
juniper junos 11.4
mcafee network_data_loss_prevention 9.2.0
juniper junos 11.4r13
microsoft windows_98se -
juniper junos 12.1r
juniper junos 13.1
mcafee network_data_loss_prevention 9.2.1
juniper junos *
mcafee network_data_loss_prevention 9.2.2
xinuos openserver 5.0.6
microsoft windows_2000 -
mcafee network_data_loss_prevention *
netbsd netbsd 1.5.1
juniper junos 12.1x46
xinuos openserver 5.0.7
CVE-2020-25494 HIGH

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
xinuos openserver 6.0
xinuos openserver 5.0.7
CVE-2020-25495 MEDIUM

A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xinuos openserver 6.0
xinuos openserver 5.0.7