360 matches found
SoftEther VPN 安全漏洞
SoftEther VPN is a free, open-source, cross-platform, and multi-protocol VPN software developed by SoftEther. It provides secure, flexible, and efficient network connections, allowing users to bypass geographical restrictions. SoftEther VPN versions 5.2.5188 and earlier contain security...
EUVD-2026-15426
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this...
CVE-2026-20004
Cisco IOS XE TLS library vulnerability (CVE-2026-2004) could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, causing a reload and DoS. Root cause: improper memory management during TLS setup. Exploitation involves repeated TLS-triggering actions such as EAP at...
Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this...
PT-2026-27787
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the TLS library of Cisco IOS XE Software that may allow a nearby, unauthenticated attacker to deplete the memory of a vulnerable device. This is caused by...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : strongSwan vulnerability (USN-8117-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8117-1 advisory. Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use...
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...
USN-8117-1: strongSwan vulnerability
Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use this issue to cause strongSwan to consume resources and crash, resulting in a denial of service...
USN-8117-1 strongswan vulnerability
Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use this issue to cause strongSwan to consume resources and crash, resulting in a denial of service...
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
strongSwan 代码问题漏洞
strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland for Linux platforms. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. Prior to version 6.0.5 of strongSwan,...
CVE-2026-30967
Parse Server is affected when using the generic OAuth2 authentication adapter (oauth2: true) without setting useridField. Prior to 9.5.2-alpha.9 and 8.6.22, the adapter only verified token activity via the provider’s introspection endpoint and did not confirm that the token belongs to the user id...
PT-2026-24137
Name of the Vulnerable Software and Affected Versions Pocket ID versions prior to 2.4.0 Description Pocket ID is an OIDC provider susceptible to cross-client code exchange and expired code reuse. The OIDC token endpoint incorrectly validates authorization codes, only rejecting them when both the...
CLSA-2026-1771519663 libsoup: Fix of 2 CVEs
CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soupfilterinputstreamreaduntil - CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum with excessively long passwords...
BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...
libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...
CVE-2026-25532
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
Espressif ESP-IDF 数字错误漏洞
Espressif ESP-IDF is an IoT development framework developed by Espressif, a Chinese company. Versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6 of Espressif ESP-IDF contain numerical error vulnerabilities. These vulnerabilities stem from integer underflow during the processing ofEAP-WSC packets in th...