637 matches found
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
PYSEC-2023-321
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
PYSEC-2023-321
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2023-36672
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
Code injection
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
UBUNTU-CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
WireGuard Security Vulnerabilities
WireGuard is an open source VPN program and protocol from the individual developer Jason A. Donenfeld. A security vulnerability exists in WireGuard version 0.5.3 that originates from an insecure configuration of the operating system and firewall that results in the blocking of traffic to a local...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
PT-2023-6277
Name of the Vulnerable Software and Affected Versions WireGuard client version 0.5.3 Description The issue is related to errors in handling links, allowing a remote attacker to block IP traffic to selected IP addresses. This can be exploited to trick the victim into blocking IP traffic to chosen ...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2023-35838
CVE-2023-35838 affects the WireGuard client 0.5.3 on Windows. The vulnerability arises from an insecure OS/firewall configuration that blocks traffic to a local network using non-RFC1918 IP addresses, enabling a LocalNet-style attack where an adversary can trick a user into blocking IP traffic to...
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, dynamic-localpv-provisioner-fips, kubeflow, wireguard-go, terraform-provider-sendgrid-fips, gke-gcloud-auth-plugin, hey, go, terraform-provider-sendgrid, k3d, falco, grpcurl, kube-state-metrics, kubeflow-fips, restic...
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, dynamic-localpv-provisioner-fips, kubeflow, wireguard-go, terraform-provider-sendgrid-fips, gke-gcloud-auth-plugin, hey, go, terraform-provider-sendgrid, k3d, falco, grpcurl, kube-state-metrics, kubeflow-fips, restic...
SUSE CVE-2020-9429
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value...