31 matches found
PT-2022-24390 · Aviatrix · Aviatrix Gateway
Name of the Vulnerable Software and Affected Versions: Aviatrix Gateway versions prior to 6.6.5712 Aviatrix Gateway versions 6.7.x prior to 6.7.1376 Description: An issue was discovered in Aviatrix Gateway where Gateway API functions mishandle authentication. This allows an authenticated VPN user...
CVE-2021-41583
vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...
Code injection
vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...
CVE-2021-41583
vpn-user-portal (eduVPN/Let's Connect!) before 2.3.14, as packaged for Debian 10/11 and Fedora, allows remote authenticated users to obtain OS filesystem access due to the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. Affected...
PT-2021-4477 · Unknown · Vpn-User-Portal
Name of the Vulnerable Software and Affected Versions: vpn-user-portal versions prior to 2.3.14 Description: The issue arises from insufficient input validation in the vpn-user-portal software, allowing remote authenticated users to obtain OS filesystem access due to the interaction of QR codes...
Commons Conservancy eduVPN 输入验证错误漏洞
Commons Conservancy eduVPN is a project of the Commons Conservancy Foundation for secure Internet access for R&E. Commons Conservancy eduVPN suffers from an input validation error vulnerability that stems from vpn-user-portal on Debian 10, Debian 11, and Fedora prior to version 2.3.14 Due to a QR...
PT-2020-6826 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix ADC and Citrix Gateway versions 13.0-58.30 and later releases before the CTX276688 update Description: The issue is related to insufficient protection of service data in the implementation of SSL VPN controller delivery in Citrix ADC a...
CVE-2019-17655
A cleartext storage in a file or on disk CWE-313 vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on...
September 20, 2018—KB4457141 (OS Build 15063.1358)
None None...
Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)
After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...
CVE-2005-2762
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials...