TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | solaris | 10 |
| juniper | junos | 12.1x44 |
| oracle | solaris | 11 |
| juniper | junos | 11.4x27 |
| netbsd | netbsd | 1.6.2 |
| juniper | junos | 12.3 |
| juniper | junos | 12.2 |
| juniper | junos | 13.3 |
| netbsd | netbsd | 1.5.3 |
| microsoft | windows_xp | - |
| netbsd | netbsd | 1.6.1 |
| juniper | junos | 12.1x47 |
| microsoft | windows_server_2003 | - |
| juniper | junos | 12.1x45 |
| juniper | junos | 13.2 |
| xinuos | unixware | 7.1.1 |
| netbsd | netbsd | 1.6 |
| netbsd | netbsd | 2.0 |
| openpgp | openpgp | 2.6.2 |
| xinuos | unixware | 7.1.3 |
| juniper | junos | 12.1 |
| microsoft | windows_98 | - |
| netbsd | netbsd | 1.5 |
| netbsd | netbsd | 1.5.2 |
| juniper | junos | 11.4 |
| mcafee | network_data_loss_prevention | 9.2.0 |
| juniper | junos | 11.4r13 |
| microsoft | windows_98se | - |
| juniper | junos | 12.1r |
| juniper | junos | 13.1 |
| mcafee | network_data_loss_prevention | 9.2.1 |
| juniper | junos | * |
| mcafee | network_data_loss_prevention | 9.2.2 |
| xinuos | openserver | 5.0.6 |
| microsoft | windows_2000 | - |
| mcafee | network_data_loss_prevention | * |
| netbsd | netbsd | 1.5.1 |
| juniper | junos | 12.1x46 |
| xinuos | openserver | 5.0.7 |
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xinuos | openserver | 6.0 |
| xinuos | openserver | 5.0.7 |
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xinuos | openserver | 6.0 |
| xinuos | openserver | 5.0.7 |