Lucene search
K

98 matches found

The Hacker News
The Hacker News
added 2020/04/17 11:20 a.m.9 views

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...

10CVSS8.2AI score0.99999EPSS
Exploits22
ThreatPost
ThreatPost
added 2019/12/06 4:54 p.m.106 views

Linux Bug Opens Most VPNs to Hijacking

A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...

4.9CVSS0.6AI score0.00838EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/10/02 12:0 a.m.7 views

PT-2019-3523 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Sockets Layer SSL VPN feature could allow an authenticated, remote attacker to cause a denial of service DoS condition...

7.7CVSS6.7AI score0.01526EPSS
Exploits0References5
CNVD
CNVD
added 2019/07/12 12:0 a.m.2 views

Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24214)

Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by passing a malicious...

7.8CVSS7.9AI score0.00808EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/07/04 12:0 a.m.3 views

The vulnerability of the Check Point IKEv2 IPsec VPN protection software allows a hacker to gain access to the internal network segment through the IKEv2 VPN tunnel.

The vulnerability of the Check Point IKEv2 IPsec VPN protection software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the internal network segment through the IKEv2 VPN tunnel...

5.9CVSS5.5AI score0.2039EPSS
Exploits0References4
OSV
OSV
added 2019/05/28 11:16 a.m.8 views

SUSE-SU-2019:1369-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Following security issue was fixed: - CVE-2018-1000135: A potential leak of private DNS queries to other DNS servers could happen while on VPN bsc1086263, bgo746422...

7.5CVSS7.5AI score0.02135EPSS
Exploits0References3
OSV
OSV
added 2019/04/09 9:29 p.m.4 views

CVE-2019-8456

Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server...

5.9CVSS6.2AI score0.2039EPSS
Exploits0References1
myhack58
myhack58
added 2016/08/03 12:0 a.m.14 views

Windows A high-risk vulnerability allows a hacker in the user access to phishing pages to steal their Microsoft account and related services-vulnerability warning-the black bar safety net

! In all Windows System are the presence of a security may cause the user to visit a phishing site case leaked their Microsoft account user name, password, and Microsoft account binding and is associated with a large number of important business, this information will also be affected Including:...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/11/19 12:0 a.m.5 views

StrongSwan Security Mechanism Bypass Vulnerability

strongSwan is an open source IPsec-based VPN solution for Linux. The server implementation of the EAP-MSCHAPv2 protocol in strongSwan's eap-mschapv2 plugin fails to properly validate the local state, allowing a remote attacker to bypass authentication by sending an empty Success message in respon...

5CVSS7.7AI score0.02582EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/05/20 7:28 a.m.9 views

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...

6.8AI score
Exploits0References9
myhack58
myhack58
added 2014/06/30 12:0 a.m.23 views

Days thaw letter is not timely help users install the latest security patches-bug warning-the black bar safety net

Currently found in Hua shield firewall basically didn't patch a lot of days thaw letter of vpn and firewall-no patch. Through the abroad for an engine to view-day financial device 1. 2w Station, no desire to write tools to batch validate. The following content is excerpted from days financial...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/14 12:0 a.m.22 views

Debian Security Advisory DSA 2623-1 (openconnect - buffer overflow)

Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows. OpenVAS Vulnerability Test $Id: deb2623.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2623-1 using nvtgen 1.0 Script version: 1.0 Author:...

5CVSS0.9AI score0.02648EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.10 views

Mandriva Update for vpnc MDVA-2008:122 (vpnc)

Check for the Version of vpnc OpenVAS Vulnerability Test Mandriva Update for vpnc MDVA-2008:122 vpnc Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

0.1AI score
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.22 views

CVE-2002-1093

HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3B allows remote attackers to cause a denial of service CPU consumption via a long URL request...

6.5AI score0.01616EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/03/31 12:0 a.m.18 views

Kame Racoon Invalid Cookie Handling Remote DoS

The remote system appears to have a problem with processing requests with invalid cookie values. At least one VPN product racoon demonstrates this flaw. Racoon is integrated with: FreeBSD 4.0 and beyond OpenBSD 2.7 and beyond NetBSD 1.5 and beyond BSD/OS 4.2 and beyond However, the bug has only...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/03/01 12:0 a.m.19 views

Cisco VPN 3000 Concentrator Certificate Management Page HTML Source Certificate Password Disclosure (CSCdw50657)

The remote VPN concentrator discloses the certificate passwords of its users in the source HTML pages of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdw50657. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...

7.5CVSS5.5AI score0.01133EPSS
Exploits0References1
NVD
NVD
added 2002/12/31 5:0 a.m.23 views

CVE-2002-1755

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...

5CVSS6.7AI score0.01096EPSS
Exploits0References2
Cisco
Cisco
added 2001/04/12 3:0 p.m.14 views

VPN 3000 Concentrator IP Options Vulnerability

...

2AI score
Exploits0References1
Rows per page
Query Builder