AstaroCVEs & Vulnerabilities

12 CVEs affecting Astaro products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

security linux 24security gateway 10security gateway software 1
CVE-2012-3238MEDIUM

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

10 Jul 2012
4.3
CVSS
CVE-2007-4242MEDIUM

The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.

9 Aug 2007
5.0
CVSS
CVE-2007-4243HIGH

Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.

9 Aug 2007
7.8
CVSS
CVE-2007-3253HIGH

Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session.

18 Jun 2007
7.8
CVSS
CVE-2005-3985HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

5 Dec 2005
7.8
CVSS
CVE-2005-3100MEDIUM

Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.

29 Sep 2005
5.0
CVSS
CVE-2005-2730MEDIUM

The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.

30 Aug 2005
5.0
CVSS
CVE-2005-2731LOW

Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.

30 Aug 2005
2.1
CVSS
CVE-2005-2729HIGHpoc

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.

30 Aug 2005
7.5
CVSS
CVE-2004-2251MEDIUM

The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.

31 Dec 2004
5.0
CVSS
CVE-2002-1737LOW

Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.

31 Dec 2002
2.1
CVSS
CVE-2002-0029HIGH

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

29 Nov 2002
7.5
CVSS
← PrevPage 1 / 1Next →