CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2007-4654
https://notcve.org/view.php?id=CVE-2007-4654
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024. Vulnerabilidad no especificada en SSHield 1.6.1 con OpenSSH 3.0.2p1 sobre Cisco WebNS 8.20.0.1 sobre dispositivos Cisco Content Services Switch (CSS) series 11000 permite a atacantes remotos provocar denegación de servicio (agotamiento de la ranura de conexión y caida del dispositivo) a través de una serie de paquetes grandes diseñados para explotar el desbordamiento de detección de ataque de SSH CRC32 (CVE-2001-0144), posiblemente un asunto relacionado con CVE-2002-1024. • http://osvdb.org/45873 http://securityreason.com/securityalert/3091 http://www.securityfocus.com/archive/1/478165/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44542 • CWE-399: Resource Management Errors •
CVSS: 6.2EPSS: 0%CPEs: 47EXPL: 2CVE-2007-4305 – Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-4305
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. Múltiples condiciones de carrera en (1) el modo monitor de Sudo Y (2) políticas Sysjail en Systrace de NetBSD y OpenBSD permiten a usuarios locales vencer la interposición en llamadas al sistema, y por tanto evitar la política de control de acceso y monitorización. • https://www.exploit-db.com/exploits/30484 http://secunia.com/advisories/26479 http://www.securityfocus.com/bid/25258 http://www.watson.org/~robert/2007woot •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2007-2768
https://notcve.org/view.php?id=CVE-2007-2768
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. OpenSSH, cuando utiliza OPIE(One-Time Passwords in Everything) para PAM, permiet a atacantes remotos determinar la existencia de ciertas cuentas de usuarios, lo cual muestra una respuesta diferente si la cuenta de usuario existe y si está configurada para utilizar one-time passwords (OTP), un asunto similar es el CVE-2007-2243. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html http://www.osvdb.org/34601 https://security.netapp.com/advisory/ntap-20191107-0002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 14%CPEs: 9EXPL: 0CVE-2007-2242 – IPv6 routing headers issue
https://notcve.org/view.php?id=CVE-2007-2242
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. El protocolo IPv6 permite a atacantes remotos provocar una denegación de servicio mediante cabeceras IPv6 de enrutamiento de tipo 0 (IPV6_RTHDR_TYPE_0) lo cual provoca amplificación de la red entre dos enrutadores. • http://docs.info.apple.com/article.html?artnum=305712 http://docs.info.apple.com/article.html?artnum=306375 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://openbsd.org/errata39.html#022_route6 http://openbsd.org/errata40.html#012_route6 http://secunia.com/advisories/24978 http://secunia.com/advisories/25033 http://secunia.com/advisories/25068 http://secunia.com/advisories/25083 http://secunia.com/advisories/25288 http://secunia.com/advisories/25 •
CVSS: 5.0EPSS: 0%CPEs: 62EXPL: 0CVE-2007-2243 – OpenSSH s/key Weakness
https://notcve.org/view.php?id=CVE-2007-2243
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. OpenSSH 4.6 y anteriores, cuando ChallengeResponseAuthentication está habilitado, permite a atacantes remotos determinar la existencia de cuentas de usuario intentando autenticarse mediante S/KEY, lo cual muestra una respuesta diferente si la cuenta de usuario existe, un problema similar a CVE-2001-1483. OpenSSH, when configured to use S/KEY authentication, is prone to a remoteinformation disclosure weakness. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html http://securityreason.com/securityalert/2631 http://www.osvdb.org/34600 http://www.securityfocus.com/bid/23601 https://exchange.xforce.ibmcloud.com/vulnerabilities/33794 https://security.netapp.com/advisory/ntap-20191107-0003 • CWE-287: Improper Authentication •