Lucene search
K

1817 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2026:1637-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1637-1 advisory. - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329:...

5.8AI score
Exploits6References22
NVD
NVD
added 2026/04/30 5:16 p.m.7 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 4:8 p.m.7 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS6.2AI score0.05727EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/30 4:8 p.m.30 views

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/30 4:8 p.m.10 views

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS6.2AI score0.05727EPSS
Exploits1References5
CVE
CVE
added 2026/04/30 4:8 p.m.42 views

CVE-2025-71284

Synway SMG Gateway Management Software is affected by an OS command injection in the RADIUS configuration endpoint /en/9-2radius.php. The radius_address POST parameter (and related fields) is split and interpolated directly into a sed command without sanitization, enabling an unauthenticated remo...

9.8CVSS6.2AI score0.05727EPSS
In wildExploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

Synway SMG Gateway Management Software 操作系统命令注入漏洞

Synway SMG Gateway Management Software is a gateway management software developed by Synway Corporation. This software has a vulnerability related to operating system command injection. The vulnerability stems from the RADIUS configuration endpoint/en/9-2radius.php, where the radiusaddress POST...

9.8CVSS6.3AI score0.05727EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.11 views

PT-2026-36128

Name of the Vulnerable Software and Affected Versions Synway SMG Gateway Management Software affected versions not specified Description An OS command injection flaw exists in the RADIUS configuration endpoint '/en/9-2radius.php'. The issue occurs because the radius address POST parameter is spli...

9.8CVSS6.4AI score0.05727EPSS
Exploits1References14
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.276 views

VulnCheck KEV: CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS6.3AI score0.05727EPSS
In wildExploits1References8
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.0.1)

The version of AHV installed on the remote host is prior to AHV-10.0.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.0.1 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Respons...

9CVSS7.8AI score0.14859EPSS
Exploits2References3
SUSE Linux
SUSE Linux
added 2026/04/27 4:59 p.m.5 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

9.2CVSS5.2AI score
Exploits6References28
OSV
OSV
added 2026/04/27 4:59 p.m.3 views

SUSE-SU-2026:1637-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.2AI score
Exploits6References15
OSV
OSV
added 2026/04/27 11:41 a.m.12 views

USN-8196-2 strongswan vulnerabilities

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly use this issue to cau...

6AI score
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.8 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : strongSwan vulnerabilities (USN-8196-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8196-1 advisory. Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly...

6.1AI score
Exploits6References8
Debian
Debian
added 2026/04/22 12:57 p.m.7 views

[SECURITY] [DSA 6227-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6227-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez April 22, 2026 https://www.debian.org/security/faq -...

6.4AI score
Exploits6
OSV
OSV
added 2026/04/22 12:46 p.m.12 views

USN-8196-1 strongswan vulnerabilities

Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. CVE-2026-35328 Haruto Kimura discovered that strongSwan incorrectly handle...

6AI score
Exploits6References8
UbuntuCve
UbuntuCve
added 2026/04/22 12:0 p.m.12 views

CVE-2026-35333

Integer Underflow When Handling RADIUS Attributes...

5.7AI score
Exploits3References4
OSV
OSV
added 2026/04/22 12:0 p.m.4 views

UBUNTU-CVE-2026-35333

Integer Underflow When Handling RADIUS Attributes...

5.2AI score
Exploits3References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-35581

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

5.9AI score
Exploits6References37
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-35584

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

5.9AI score
Exploits6References36
Rows per page
Query Builder