Lucene search
+L

176 matches found

ptsecurity
ptsecurity
added 2024/06/25 12:0 a.m.8 views

PT-2024-4413 · Moxa · Oncell G3470A-Lte Series

Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to a lack of neutralized inputs in the IPSec configuration, allowing an attacker to modify intended commands sent to target functions. This could...

8.8CVSS7.7AI score0.00449EPSS
Exploits0References5
vulncheck_kev
vulncheck_kev
added 2024/05/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-24919

Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several...

8.6CVSS7.3AI score0.99978EPSS
Exploits52References1
bdu_fstec
bdu_fstec
added 2024/05/16 12:0 a.m.7 views

The vulnerability of the rlb_arp_xmit() function in the drivers/net/bonding/bond_alb.c module of the Linux kernel’s IPSec core, which allows a hacker to trigger a service failure.

The vulnerability of the rlbarpxmit function in the drivers/net/bonding/bondalb.c module of the Linux kernel-based IPSec driver component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...

3.3CVSS5.4AI score0.00248EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 2024/05/08 12:0 a.m.5 views

PT-2024-25373 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Recommendations: At the moment, there is no information about...

7.5CVSS6.9AI score0.00593EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2024/04/25 12:0 a.m.6 views

The vulnerability of the VPN protocol library using “IPsec” in libreswan, related to the use of the PreSharedKey secret for creating the AUTH payload in IKEAuth Exchange, allows a attacker to perform a type of “Denial-of-Service” attack. [source-iocs-preserved const=IKE_AUTH]

The vulnerability of the VPN protocol using “IPsec” with libreswan is related to the use of the PreSharedKey secret for generating the AUTH payload in IKE Auth Exchange. Exploiting this vulnerability allows a remote attacker to perform a type of “denial-of-service” attack. source-iocs-preserved...

7.8CVSS6.3AI score0.00944EPSS
Exploits0References7Affected Software4
bdu_fstec
bdu_fstec
added 2024/04/19 12:0 a.m.7 views

The vulnerability of the IPSec components of Ivanti Connect Secure and Ivanti Policy Secure network access control tools allows a hacker to trigger a service failure.

The vulnerability of the IPSec components of Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to pointer aliasing errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

7.8CVSS6.9AI score0.0375EPSS
Exploits0References2Affected Software2
osv
osv
added 2024/04/12 11:7 a.m.3 views

OESA-2024-1409 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS7.1AI score0.00944EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/03/27 12:0 a.m.6 views

Cilium 安全漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium that stems from the presence of insecure IPsec transport...

8CVSS7.6AI score0.00172EPSS
Exploits0References7
osv
osv
added 2024/02/20 3:15 a.m.4 views

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

8.1CVSS6.3AI score0.00889EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2023/11/29 12:0 a.m.7 views

The vulnerability of the QuickSec IPSec microprogramming software for network devices from Zyxel, including models such as ATP, USG FLEX, USG FLEX50(W), and USG20(W)-VPN, as well as VPN, allows a hacker to cause service interruptions.

The vulnerability of the QuickSec IPSec microprogramming software for network devices from Zyxel, such as ATP, USG FLEX, USG FLEX50W, and USG20W-VPN, related to the possibility of integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...

7.8CVSS7.3AI score0.00881EPSS
Exploits0References2
osv
osv
added 2023/11/28 2:15 a.m.5 views

CVE-2023-4398

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series...

7.5CVSS5.8AI score0.00881EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/11/27 12:0 a.m.4 views

PT-2023-7186 · Zyxel · Zyxel Usg Flex Series +5

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series firmware versions 4.32 through 5.37 Zyxel USG FLEX series firmware versions 4.50 through 5.37 Zyxel USG FLEX 50W series firmware versions 4.16 through 5.37 Zyxel USG20W-VPN series firmware versions 4.16 through 5.37 Zyxel VPN...

7.8CVSS7.5AI score0.00881EPSS
Exploits0References5
osv
osv
added 2023/09/07 8:15 p.m.2 views

CVE-2023-20193

A vulnerability in the Embedded Service Router ESR of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid...

6.7CVSS6.7AI score0.00185EPSS
Exploits0References1
osv
osv
added 2023/08/25 9:15 p.m.6 views

AZL-34935 CVE-2023-38710 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2023/03/03 12:0 a.m.7 views

Vulnerability of the j1939_sessiondestroy() function in the net/can/j1939/transport.c module: a flaw in Linux operating system kernel-based IPsec components, allowing an attacker to cause a service failure.

The vulnerability of the j1939sessiondestroy function in the net/can/j1939/transport.c module is related to incorrect handling of block usage counters in IPsec components of the Linux operating system. Exploiting this vulnerability could allow a remote attacker to cause service failures...

3.5CVSS6.2AI score0.00299EPSS
Exploits0References23Affected Software6
susecve
susecve
added 2023/02/15 5:38 a.m.4 views

SUSE CVE-2013-2237

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

2.1CVSS6AI score0.00557EPSS
Exploits1References10
susecve
susecve
added 2023/02/15 3:31 a.m.7 views

SUSE CVE-2022-3545

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a...

7.4CVSS6.8AI score0.00398EPSS
Exploits0References53
osv
osv
added 2022/11/15 3:15 a.m.4 views

CVE-2022-41396

Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters...

7.8CVSS5.8AI score0.01377EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/10/21 12:0 a.m.5 views

Linux kernel 资源管理错误漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel has a security vulnerability that affects the functions devlinkparamset/devlinkparamget in the component IPsec's file net/core/devlink.c. The operation leads to free post-use. No details...

7.8CVSS6.3AI score0.00316EPSS
Exploits0References15
cnnvd
cnnvd
added 2022/10/21 12:0 a.m.5 views

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that affects the function tsttimer in the component IPsec's file drivers/atm/idt77252.c. The operation leads to free post-use. No details of the vulnerability ar...

7CVSS6.3AI score0.00405EPSS
Exploits1References19
Rows per page
Query Builder