1819 matches found
SUSE-SU-2026:2197-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...
strongSwan 5.9.13 - DoS
Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...
📄 strongSwan 5.9.13 Denial of Service
strongSwan version 5.9.13 suffers from a denial of service vulnerability. Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version:...
Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks
Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...
CLSA-2026-1779461988 krb5: Fix of 3 CVEs
CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8830 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20678-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20678-1 advisory. Update to version 6.0.6 jscPED-16145. Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension...
SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:1762-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1762-1 advisory. - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling...
AI Native Asset Intelligence
Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. CVE-2026-35331: acceptance of certificates violating X.509 name constrain...
SUSE-SU-2026:1762-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. - CVE-2026-35331: acceptance of certificates violating X.509 name...
EUVD-2026-27862
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
CVE-2026-20193
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
CVE-2026-20193
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
CVE-2026-20193
Cisco Identity Services Engine (ISE) is affected by CVE-2026-20193 due to improper RBAC on the RADIUS Policy API endpoints. An authenticated, remote attacker with read-only Administrator privileges could bypass the web UI and call an affected endpoint to gain unauthorized read access to sensitive...
CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
PT-2026-37657
Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Description Improper role-based access control RBAC permissions on the RADIUS Policy API endpoints allow an authenticated remote attacker with read-only Administrator privileges to gain unauthorized re...
Cisco ISE 安全漏洞
Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...
Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-unauth-bypass-uxjRXGpb)
According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists becaus...