Lucene search
K

98 matches found

CVE
CVE
added 2025/06/10 4:36 p.m.74 views

CVE-2024-50562

CVE-2024-50562 is an Insufficient Session Expiration (CWE-613) in FortiOS SSL-VPN. A stolen cookie could allow a logged-out/expired session to re-authenticate. Affected FortiOS/ FortiSASE: FortiOS 7.6.0 (fixed in 7.6.1), 7.4.0–7.4.7 (fixed in 7.4.8), 7.2.0–7.2.10 (fixed in 7.2.11), and all 7.0 an...

4.8CVSS5.1AI score0.01076EPSS
Exploits3References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/06/10 12:0 a.m.8 views

Fortinet Fortigate Insufficient Session Expiration in SSL-VPN cookie (FG-IR-24-339)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-339 advisory. - An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version...

4.8CVSS5.6AI score0.01076EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.9 views

CVE-2024-32324

Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpnclientip variable of the configvpnpptp function in rc program...

7.8CVSS7.7AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.5 views

CVE-2024-1195

A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally...

5.5CVSS6.9AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.14 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

6.6CVSS8.3AI score0.02344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.16 views

CVE-2023-20095

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to imprope...

8.6CVSS7.2AI score0.0064EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:50 a.m.8 views

CVE-2022-20928

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...

5.8CVSS7.2AI score0.00683EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.9 views

CVE-2022-45861

An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...

6.5CVSS6.6AI score0.00818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:58 p.m.8 views

CVE-2020-25043

The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system...

7.1CVSS7AI score0.00314EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:29 p.m.7 views

CVE-2010-4354

The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances ASA 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device,...

5CVSS6.9AI score0.02342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 a.m.6 views

CVE-2019-8459

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one...

9.8CVSS6.9AI score0.01191EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 11:15 p.m.26 views

CVE-2025-1566

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions...

7.5CVSS0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/02 4:15 p.m.23 views

CVE-2025-20212

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service DoS condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...

7.7CVSS0.00662EPSS
Exploits0References1
OSV
OSV
added 2025/03/01 6:15 p.m.4 views

CVE-2025-1800

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function getipaddrdetails of the file /view/vpn/sxhvpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...

8.8CVSS5.8AI score0.05519EPSS
Exploits1References6
NCSC
NCSC
added 2025/02/18 8:9 a.m.8 views

Vulnerabilities fixed in SonicWall SonicOS

Sonicwall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN CVE-2024-40762, allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...

9.8CVSS8.1AI score0.95132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/05 5:31 p.m.9 views

CVE-2025-23415 BIG-IP APM Endpoint Inspection vulnerability

An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note:...

3.1CVSS5.1AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/01/27 6:15 p.m.15 views

CVE-2025-24356

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...

7.5CVSS0.0065EPSS
Exploits0References8
CVE
CVE
added 2025/01/21 11:4 p.m.921 views

CVE-2024-49734

CVE-2024-49734 affects Android’s ConnectivityService.java, enabling a Wi‑Fi AP to infer the site a device connected to via VPN through a side channel, causing remote information disclosure with no extra privileges and no user interaction. The issue is categorized as Information Disclosure with hi...

7.5CVSS6.1AI score0.00276EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/14 2:8 p.m.14 views

CVE-2023-46715

An origin validation error CWE-346 vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send but not receive packets spoofing the IP of another user via crafted network packets...

5CVSS5AI score0.00913EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/19 7:40 a.m.12 views

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

5.4CVSS7.8AI score0.0077EPSS
Exploits0References1
Rows per page
Query Builder