CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5806
https://notcve.org/view.php?id=CVE-2006-5806
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. El SSL VPN Client del Cisco Secure Desktop en versiones anteriores a la 3.1.1.45, cuando se está creando la configuración de un buscador web después de una conexión con éxito, almacena información sensible de la sesión del buscador en un directorio externo al CSD y permite al usuario guardar ficheros fuera de la parte segura, que no son borrados una vez que la conexión VPN finaliza con lo que permite a usuarios locales leer datos codificados. • http://secunia.com/advisories/22747 http://securitytracker.com/id?1017195 http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml http://www.osvdb.org/30306 http://www.securityfocus.com/bid/20964 http://www.vupen.com/english/advisories/2006/4409 https://exchange.xforce.ibmcloud.com/vulnerabilities/30129 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5393
https://notcve.org/view.php?id=CVE-2006-5393
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. Cisco Secure Desktop (CSD) no requiere que el valor del registro sea 1 para el ClearPageFileAtShutdown (aka CCE-Winv2.0-407), el cual puede permitir a los usuarios locales la lectura de ciertas páginas de memoria que fueron escritas durante otra sesión SSL VPN para un usuario diferente. • http://securitytracker.com/id?1017018 http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml http://www.securityfocus.com/bid/20410 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5394
https://notcve.org/view.php?id=CVE-2006-5394
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. La configuración por defecto del Cisco Secure Desktop (CSD)-Escritorio de Seguridad de Cisco- tiene deshabilitada la opción "Disable printing" en la Secure Desktop Settings -Configuración de Seguridad del Escritorio-, lo que permite a los usuarios locales la lectura de datos que fueron enviados a la impresora durante otra sesión SSL VPN para un usuario diferente. • http://securitytracker.com/id?1017018 http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml http://www.securityfocus.com/bid/20410 •
CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •
CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •