Lucene search
K

18 matches found

CBLMariner
CBLMariner
added 2022/04/26 8:17 p.m.47 views

CVE-2021-41990 affecting package strongswan for versions less than 5.9.5-1

CVE-2021-41990 affecting package strongswan for versions less than 5.9.5-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.7AI score0.06438EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/01/30 12:0 a.m.47 views

FreeBSD : strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache (58528a94-5100-4208-a04d-edc01598cf01)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 58528a94-5100-4208-a04d-edc01598cf01 advisory. - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted...

7.5CVSS8.1AI score0.06438EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2021/11/06 12:29 a.m.67 views

CVE-2021-41990 affecting package strongswan 5.7.2-6

CVE-2021-41990 affecting package strongswan 5.7.2-6. A patched version of the package is available...

7.5CVSS7.5AI score0.06438EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.18 views

openSUSE: Security Advisory for strongswan (openSUSE-SU-2021:1399-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.8AI score0.06438EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2021/10/31 12:0 a.m.29 views

Security update for strongswan (important)

openSUSE Security Update: Security update for strongswan Announcement ID: openSUSE-SU-2021:1399-1 Rating: important References: 1191367 1191435 SLE-20151 Cross-References: CVE-2021-41990 CVE-2021-41991 CVSS scores: CVE-2021-41990 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-419...

7.5CVSS7.9AI score0.06438EPSS
Exploits0References3
OSV
OSV
added 2021/10/30 11:3 a.m.5 views

OESA-2021-1408 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS...

7.5CVSS7.6AI score0.06438EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/10/30 12:0 a.m.22 views

Fedora: Security Advisory for strongswan (FEDORA-2021-0b37146973)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/20 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-5111-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.06438EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/20 12:0 a.m.23 views

openSUSE: Security Advisory for strongswan (openSUSE-SU-2021:3467-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.8AI score0.06438EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/10/20 12:0 a.m.20 views

Debian: Security Advisory (DSA-4989-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.06438EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/10/20 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2021:3467-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.06438EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/10/19 4:44 p.m.47 views

CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur...

7.5CVSS4.7AI score0.06438EPSS
Exploits0References4
OSV
OSV
added 2021/10/19 1:45 p.m.9 views

SUSE-SU-2021:3469-1 Security update for strongswan

This update for strongswan fixes the following issues: - Fix trailing quotation mark missing from example in README. bsc1167880 - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. bsc1191435 - CVE-2021-41990: Fixed an integer Overflow in the gmp Plugin. bsc1191367...

7.5CVSS7.6AI score0.06438EPSS
Exploits0References6
OSV
OSV
added 2021/10/19 11:16 a.m.8 views

SUSE-SU-2021:3467-1 Security update for strongswan

This update for strongswan fixes the following issues: A feature was added: - Add authels plugin to support Marvell FC-SP encryption jscSLE-20151 Security issues fixed: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. bsc1191435 - CVE-2021-41990: Fixed an integer...

7.5CVSS7.6AI score0.06438EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2021/10/19 10:54 a.m.97 views

USN-5111-1: strongSwan vulnerabilities

It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2021-41990 It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A...

7.5CVSS7.5AI score0.06438EPSS
Exploits0
Debian
Debian
added 2021/10/18 7:17 p.m.69 views

[SECURITY] [DSA 4989-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4989-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 18, 2021 https://www.debian.org/security/faq -...

7.5CVSS8.5AI score0.06438EPSS
Exploits0
CVE
CVE
added 2021/10/18 1:44 p.m.201 views

CVE-2021-41990

CVE-2021-41990 affects the gmp plugin in strongSwan up to version 5.9.4, where processing a crafted certificate with an RSASSA-PSS signature can trigger a remote integer overflow. The issue can be exploited by an initiator sending an unrelated self-signed CA certificate, but remote code execution...

7.5CVSS7.7AI score0.06438EPSS
Exploits0References7Affected Software1
FreeBSD
FreeBSD
added 2021/10/04 12:0 a.m.27 views

strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache

Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability ...

7.5CVSS2.4AI score0.06438EPSS
Exploits0References2
Rows per page
Query Builder