99 matches found

Vulnrichment
added 2025/06/25 12:49 p.m. · 8 views

CVE-2025-6543 Memory overflow vulnerability leading to unintended control flow and Denial of Service

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy OR AAA virtual server...

9.2 CVSS · 7.4 AI score · 0.09756 EPSS
Exploits 4 · References 1

BDU FSTEC
added 2025/06/23 12:0 a.m. · 8 views

The vulnerability of the formSetPPTPServerCfg function in the Tenda AC10 router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetPPTPServer /goform/SetPptpServerCfg function in the Tenda AC10 router software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibili...

10 CVSS · 7.6 AI score · 0.00692 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2025/06/19 12:0 a.m. · 11 views

PT-2025-26241 · Ubiquiti · Unifi Network Application

Name of the Vulnerable Software and Affected Versions: UniFi Network versions 9.1.120 and earlier
Description: A misconfigured query in UniFi Network could allow users to authenticate to Enterprise WiFi or VPN Server l2tp and OpenVPN using a device’s MAC address from 802.1X or MAC Authentication,...

6.8 CVSS · 6.4 AI score · 0.00311 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 6:1 a.m. · 4 views

CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with...

6.5 CVSS · 6.2 AI score · 0.00712 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:17 p.m. · 9 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

6.5 CVSS · 7.1 AI score · 0.00657 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/04/30 12:0 a.m. · 6 views

The vulnerability of the TLS-crypt-v2 function on the software-based OpenVPN server allows a hacker to induce a service failure.

The vulnerability of the TLS-crypt-v2 function in the OpenVPN software server is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

3.7 CVSS · 6.6 AI score · 0.00784 EPSS
Exploits 0 · References 9 · Affected Software 4

RedHat Linux
added 2025/01/13 11:42 a.m. · 98 views

Moderate: Red Hat Security Advisory: Bug fix of NetworkManager

Bug fix of NetworkManager
Security and Bug Fixes:
- NetworkManager: DHCP routing options can manipulate interface-based VPN traffic (CVE-2024-3661)
- Route to VPN server not stored in routing table that is specified by ipv4.route-table (JIRA:RHEL-73051)
- VPN connections do not support ipv4.routing-rules...

7.6 CVSS · 7.1 AI score · 0.04063 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2024/11/25 12:0 a.m. · 4 views

The vulnerability of the VPN server in corporate networks of Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) – related to copying buffers without checking the size of the input data – allows a hacker to trigger a service failure.

The vulnerability of the VPN server in corporate networks of Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.6 CVSS · 5.4 AI score · 0.0028 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/10/02 7:15 p.m. · 3 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2024/10/02 7:15 p.m. · 16 views

CVE-2024-20498

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6 CVSS · 0.00508 EPSS
Exploits 0 · References 1

OSV
added 2024/10/02 7:15 p.m. · 4 views

CVE-2024-20498

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

7.5 CVSS · 5.8 AI score · 0.00508 EPSS
Exploits 0 · References 1

CVE
added 2024/10/02 6:23 p.m. · 61 views

CVE-2024-20501

CVE-2024-20501 describes multiple denial-of-service vulnerabilities in the Cisco AnyConnect VPN server used by Cisco Meraki MX and Z Series Teleworker Gateway. The root cause is insufficient validation of client-supplied parameters during SSL VPN session establishment, allowing an unauthenticated...

8.6 CVSS · 8.2 AI score · 0.00508 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/10/02 6:23 p.m. · 11 views

CVE-2024-20498 Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6 CVSS · 7.1 AI score · 0.00508 EPSS
Exploits 0 · References 1

Cvelist
added 2024/10/02 6:23 p.m. · 19 views

CVE-2024-20498

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6 CVSS · 0.00508 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/10/02 12:0 a.m. · 6 views

PT-2024-18672 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices (affected versions not specified)
Description: A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a DoS condition for...

5.8 CVSS · 7 AI score · 0.00455 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/03/22 12:0 a.m. · 5 views

The vulnerability of the VPN server in the firmware of the Totolink X2000R router allows attackers to perform cross-site scripting attacks.

The vulnerability of the VPN server in the firmware of Totolink X2000R routers relates to the lack of measures taken to protect the web page structure during the processing of the “Comment” input field. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attack...

10 CVSS · 5.3 AI score · 0.00389 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/01/26 12:0 a.m. · 4 views

Tenda AC10 Security Vulnerability

Tenda AC10U is a wireless router from Tenda China. A buffer overflow vulnerability exists in the Tenda AC10U formSetPPTPServer function, which originates from the startIp parameter of the formSetPPTPServer function failing to properly validate the length of the input data, which can be exploited ...

9.8 CVSS · 8.2 AI score · 0.00905 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/12/01 12:0 a.m. · 4 views

The vulnerability of the VPN server of the Ivanti Secure Access Client (ISAC) for corporate networks (formerly known as Pulse Secure Desktop Client) on Windows operating systems arises from the use of insecure configurations. This vulnerability allows attackers to gain unauthorized access to protected information, increase their privileges, or cause service interruptions.

The vulnerability of the VPN server of Ivanti Secure Access Client (formerly Pulse Secure Desktop Client) for Windows operating systems is related to the use of insecure configurations. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, increase...

7.8 CVSS · 7.6 AI score · 0.00713 EPSS
Exploits 1 · References 5 · Affected Software 1

NVD
added 2023/10/12 4:15 p.m. · 19 views

CVE-2023-23581

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...

7.5 CVSS · 7.4 AI score · 0.00834 EPSS
Exploits 1 · References 2

Prion
added 2023/10/12 4:15 p.m. · 23 views

Denial of service

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...

5 CVSS · 7.4 AI score · 0.00728 EPSS
Exploits 1 · References 1 · Affected Software 1