98 matches found
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...
Linux Bug Opens Most VPNs to Hijacking
A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...
PT-2019-3523 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Sockets Layer SSL VPN feature could allow an authenticated, remote attacker to cause a denial of service DoS condition...
Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24214)
Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by passing a malicious...
The vulnerability of the Check Point IKEv2 IPsec VPN protection software allows a hacker to gain access to the internal network segment through the IKEv2 VPN tunnel.
The vulnerability of the Check Point IKEv2 IPsec VPN protection software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the internal network segment through the IKEv2 VPN tunnel...
SUSE-SU-2019:1369-1 Security update for NetworkManager
This update for NetworkManager fixes the following issues: Following security issue was fixed: - CVE-2018-1000135: A potential leak of private DNS queries to other DNS servers could happen while on VPN bsc1086263, bgo746422...
CVE-2019-8456
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server...
Windows A high-risk vulnerability allows a hacker in the user access to phishing pages to steal their Microsoft account and related services-vulnerability warning-the black bar safety net
! In all Windows System are the presence of a security may cause the user to visit a phishing site case leaked their Microsoft account user name, password, and Microsoft account binding and is associated with a large number of important business, this information will also be affected Including:...
StrongSwan Security Mechanism Bypass Vulnerability
strongSwan is an open source IPsec-based VPN solution for Linux. The server implementation of the EAP-MSCHAPv2 protocol in strongSwan's eap-mschapv2 plugin fails to properly validate the local state, allowing a remote attacker to bypass authentication by sending an empty Success message in respon...
New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...
Days thaw letter is not timely help users install the latest security patches-bug warning-the black bar safety net
Currently found in Hua shield firewall basically didn't patch a lot of days thaw letter of vpn and firewall-no patch. Through the abroad for an engine to view-day financial device 1. 2w Station, no desire to write tools to batch validate. The following content is excerpted from days financial...
Debian Security Advisory DSA 2623-1 (openconnect - buffer overflow)
Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows. OpenVAS Vulnerability Test $Id: deb2623.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2623-1 using nvtgen 1.0 Script version: 1.0 Author:...
Mandriva Update for vpnc MDVA-2008:122 (vpnc)
Check for the Version of vpnc OpenVAS Vulnerability Test Mandriva Update for vpnc MDVA-2008:122 vpnc Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
CVE-2002-1093
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3B allows remote attackers to cause a denial of service CPU consumption via a long URL request...
Kame Racoon Invalid Cookie Handling Remote DoS
The remote system appears to have a problem with processing requests with invalid cookie values. At least one VPN product racoon demonstrates this flaw. Racoon is integrated with: FreeBSD 4.0 and beyond OpenBSD 2.7 and beyond NetBSD 1.5 and beyond BSD/OS 4.2 and beyond However, the bug has only...
Cisco VPN 3000 Concentrator Certificate Management Page HTML Source Certificate Password Disclosure (CSCdw50657)
The remote VPN concentrator discloses the certificate passwords of its users in the source HTML pages of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdw50657. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...
CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...
VPN 3000 Concentrator IP Options Vulnerability
...