29 matches found
EUVD-2024-32236
Malicious code in bioql PyPI...
EUVD-2021-2854
Malicious code in bioql PyPI...
EUVD-2023-40615
Malicious code in bioql PyPI...
EUVD-2023-40614
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-36673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the...
CVE-2023-36672
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...
CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.5)
The version of AOS installed on the remote host is prior to 6.10.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.5 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic templa...
DHCP: DHCP routing options can manipulate interface-based VPN traffic
DHCP can add routes to a client’s routing table via the classless static route option 121. VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...
CVE-2024-44165
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel...
CVE-2024-44165
CVE-2024-44165 is a logic-issue vulnerability fixed by Apple in multiple OS updates. It allows network traffic to leak outside a VPN tunnel. Affected are macOS: Ventura 13.7; Sonoma 14.7; Sequoia 15; iOS/iPadOS: 17.7, 18; and visionOS 2. Root cause described as a logic issue addressed with improv...
CVE-2024-3661
DHCP can add routes to a client’s routing table via the classless static route option 121. VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...
UBUNTU-CVE-2021-47160
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCRMATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlanfiltering 1 ip link...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the PCRMATRIX field being set to all 1's when VLAN filtering is enabled, but not reset when disabled, which...
TunnelCrack Vulnerabilities
SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...
CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
CVE-2023-36672
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...
CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
UBUNTU-CVE-2023-36672
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...