Vendor CVEs
Astaro
All CVEs
21 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10127 | Cri | 0.64 | 9.8 | 0.01 | Sep 11, 2025 | Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials. | ||
| CVE-2023-47356 | Hig | 0.57 | 8.8 | 0.01 | Jul 17, 2025 | Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds. | ||
| CVE-2005-2729 | 0.04 | — | 0.07 | Aug 30, 2005 | The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services. | |||
| CVE-2002-0029 | 0.01 | — | 0.10 | Nov 29, 2002 | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)… | |||
| CVE-2023-49321 | 0.00 | — | 0.01 | Nov 26, 2023 | Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements… | |||
| CVE-2023-43765 | 0.00 | — | 0.01 | Sep 22, 2023 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for… | |||
| CVE-2023-42521 | 0.00 | — | 0.01 | Sep 18, 2023 | Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later,… | |||
| CVE-2023-42520 | 0.00 | — | 0.01 | Sep 18, 2023 | Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later,… | |||
| CVE-2023-42526 | 0.00 | — | 0.01 | Sep 18, 2023 | Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and… | |||
| CVE-2021-25692 | 0.00 | — | 0.00 | Apr 6, 2021 | Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. | |||
| CVE-2012-3238 | 0.00 | — | 0.03 | Jul 9, 2012 | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | |||
| CVE-2007-4243 | 0.00 | — | 0.03 | Aug 8, 2007 | Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. | |||
| CVE-2007-4242 | 0.00 | — | 0.02 | Aug 8, 2007 | The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. | |||
| CVE-2007-3253 | 0.00 | — | 0.03 | Jun 18, 2007 | Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during… | |||
| CVE-2005-3985 | 0.00 | — | 0.04 | Dec 4, 2005 | The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due… | |||
| CVE-2005-3100 | 0.00 | — | 0.02 | Sep 28, 2005 | Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service. | |||
| CVE-2005-2730 | 0.00 | — | 0.02 | Aug 30, 2005 | The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. | |||
| CVE-2005-2731 | 0.00 | — | 0.01 | Aug 30, 2005 | Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl. | |||
| CVE-2004-2251 | 0.00 | — | 0.02 | Dec 31, 2004 | The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | |||
| CVE-2004-2252 | 0.00 | — | 0.04 | Dec 31, 2004 | The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||
| CVE-2002-1737 | 0.00 | — | 0.00 | Dec 31, 2002 | Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. |
- risk 0.64cvss 9.8epss 0.01
Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.
- risk 0.57cvss 8.8epss 0.01
Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds.
- CVE-2005-2729Aug 30, 2005risk 0.04cvss —epss 0.07
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
- CVE-2002-0029Nov 29, 2002risk 0.01cvss —epss 0.10
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)…
- CVE-2023-49321Nov 26, 2023risk 0.00cvss —epss 0.01
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements…
- CVE-2023-43765Sep 22, 2023risk 0.00cvss —epss 0.01
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for…
- CVE-2023-42521Sep 18, 2023risk 0.00cvss —epss 0.01
Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later,…
- CVE-2023-42520Sep 18, 2023risk 0.00cvss —epss 0.01
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later,…
- CVE-2023-42526Sep 18, 2023risk 0.00cvss —epss 0.01
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and…
- CVE-2021-25692Apr 6, 2021risk 0.00cvss —epss 0.00
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
- CVE-2012-3238Jul 9, 2012risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
- CVE-2007-4243Aug 8, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
- CVE-2007-4242Aug 8, 2007risk 0.00cvss —epss 0.02
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
- CVE-2007-3253Jun 18, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during…
- CVE-2005-3985Dec 4, 2005risk 0.00cvss —epss 0.04
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due…
- CVE-2005-3100Sep 28, 2005risk 0.00cvss —epss 0.02
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
- CVE-2005-2730Aug 30, 2005risk 0.00cvss —epss 0.02
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
- CVE-2005-2731Aug 30, 2005risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
- CVE-2004-2251Dec 31, 2004risk 0.00cvss —epss 0.02
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
- CVE-2004-2252Dec 31, 2004risk 0.00cvss —epss 0.04
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
- CVE-2002-1737Dec 31, 2002risk 0.00cvss —epss 0.00
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.