1171 matches found
CVE-2023-22308
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-22325
A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-22325
A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-27516
CVE-2023-27516 affects SoftEther VPN 4.41-9782-beta and 5.01.9674, where a flaw in the CiRpcAccepted() function allows authentication bypass via a specially crafted network packet, enabling unauthorized access. The Red Hat, JVN, and other records corroborate the affected versions and the specific...
CVE-2023-27516
An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability...
CVE-2023-27516
An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability...
CVE-2023-31192
An information disclosure vulnerability exists in the ClientConnect functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-31192
An information disclosure vulnerability exists in the ClientConnect functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
SoftEther VPN vpnserver OvsProcessData denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22308 SUMMARY An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A...
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1736 SoftEther VPN DCRegister DDNSRPCMAXRECVSIZE denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22325 SUMMARY A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta,...
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
Stack overflow
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34346
CVE-2023-34346 concerns a stack-based buffer overflow in the Yifan YF325 router. Talos reports the vulnerability exists in the httpd gwcfg.cgi get endpoint, where the code reads request data using Content-Length into a fixed-size buffer without proper bounds checking, allowing a specially crafted...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...
LSN-0098-1: Kernel Live Patch Security Notice
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2023-3090 It...
USN-6397-1: Linux kernel (BlueField) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Ruihan Li discovered that the bluetooth subsystem ...