The vulnerability of strongSwan demon, related to errors in certificate verification in EAP methods based on TLS, allows a perpetrator to perform a denial-of-service attack.

The vulnerability of strongSwan is related to errors in certificate verification during EAP methods based on TLS. Exploiting this vulnerability allows a remote attacker to perform a denial-of-service attack...

strongSwan 信任管理问题漏洞

strongSwan is a Swiss Andreas Steffen personal developer of a Linux platform to use the open source IPsec-based VPN solution. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. A security vulnerability exists in...

PT-2023-21616 · Apple · Macos Monterey +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 macOS Monterey versions prior to 12.6.4 macOS Big Sur versions prior to 11.7.5 iOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 16.4 iPadOS versions prior to 15.7.4 Description: The...

SUSE CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Protected Extensible Authentication Protocol PEAP implementation in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to induce a service failure.

The vulnerability of the Protected Extensible Authentication Protocol PEAP implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Protected Extensible Authentication Protocol PEAP implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted PEAP packets...

The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Protected Extensible Authentication Protocol PEAP implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

SUSE CVE-2006-1354

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service server crash via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module...

SUSE CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...

SUSE CVE-2015-5314

The eappwdprocess function in eapserver/eapserverpwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with 1 an internal EAP server or 2 a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...

SUSE CVE-2015-5315

The eappwdprocess function in eappeer/eappwd.c in wpasupplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service process...

SUSE CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...

SUSE CVE-2018-11574

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...

SUSE CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

CVE-2023-21701

Microsoft Protected Extensible Authentication Protocol PEAP Denial of Service Vulnerability...

CVE-2023-21695

Microsoft Protected Extensible Authentication Protocol PEAP Remote Code Execution Vulnerability...

CVE-2023-21701

Microsoft Protected Extensible Authentication Protocol PEAP Denial of Service Vulnerability...

CVE-2023-21690

Microsoft Protected Extensible Authentication Protocol PEAP Remote Code Execution Vulnerability...

CVE-2023-21691

Microsoft Protected Extensible Authentication Protocol PEAP Information Disclosure Vulnerability...