LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2007-4148
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4148

LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2007-4149
CVE STATUS: Patched
CVE SUMMARY: The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown).  NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4149

LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2007-4150
CVE STATUS: Patched
CVE SUMMARY: The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4150

LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2007-4151
CVE STATUS: Patched
CVE SUMMARY: The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4151

LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2007-4152
CVE STATUS: Patched
CVE SUMMARY: The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4152

LAYER: meta-oe
PACKAGE NAME: audit
PACKAGE VERSION: 4.0.1
CVE: CVE-2008-1628
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
CVSS v2 BASE SCORE: 4.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1628