637 matches found
CVE-2025-27093
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093 Sliver does not restrict traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
EUVD-2025-36543
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093 Sliver does not restrict traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093
CVE-2025-27093 affects Sliver’s custom WireGuard netstack. In affected releases (1.5.43 and earlier, and 1.6.0-dev) the netstack does not restrict traffic between WireGuard clients, enabling unrestricted inter-client communication and potentially allowing leaked/recovered keys to be used across o...
CVE-2025-27093 Sliver does not restrict traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
Improper Restriction of Communication Channel to Intended Endpoints
Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the custom netstack implementation. An attacker can access internal services or execute unauthorized actions by recovering a Wireguard private key from a process dum...
Improper Restriction of Communication Channel to Intended Endpoints
Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the custom netstack implementation. An attacker can access internal services or execute unauthorized actions by recovering a Wireguard private key from a process dum...
GHSA-Q8J9-34QF-7VQ7 Sliver has unrestricted traffic between Wireguard clients
Summary: Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients. This could lead to: 1. Leaked/recovered keypair from a beacon being used to attack operators. 2. Port forwardings usable from other implants. Details: 1. Sliver treats operators' Wireguard config and...
Sliver has unrestricted traffic between Wireguard clients
Summary: Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients. This could lead to: 1. Leaked/recovered keypair from a beacon being used to attack operators. 2. Port forwardings usable from other implants. Details: 1. Sliver treats operators' Wireguard config and...
Sliver Access Control Error Vulnerability
Sliver is an open source cross-platform adversary simulation/red teaming framework from Bishop Fox Open Source. It can be used by organizations of all sizes to perform security testing. An Access Control Error vulnerability exists in Sliver versions 1.5.43 and earlier and 1.6.0-dev, which stems...
PT-2025-44202
Name of the Vulnerable Software and Affected Versions: Sliver versions 1.5.43 and earlier, and version 1.6.0-dev. Description: Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...
Siemens SIMATIC Devices Use After Free (CVE-2024-26951)
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via isdead instead of empty list. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-26950)
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
SUSE CVE-2025-59824
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
GO-2025-3979 Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni
Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni...
EUVD-2020-30249
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-400059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-400059 advisory. In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug tha...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-390028)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-390028 advisory. In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986899)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986899 advisory. In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenc...