CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2021-31872

Malicious code in bioql PyPI...

9.1CVSS8AI score0.00111EPSS

Tenable Nessus•added 2024/05/04 12:0 a.m.•22 views

GLSA-202405-08 : strongSwan: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-08 strongSwan: Multiple Vulnerabilities - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger...

9.8CVSS8.1AI score0.11537EPSS

Exploits0References9

Tenable Nessus•added 2022/02/22 12:0 a.m.•43 views

openSUSE 15 Security Update : strongswan (openSUSE-SU-2022:0492-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0492-1 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the...

Tenable Nessus•added 2022/02/19 12:0 a.m.•37 views

SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2022:0492-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0492-1 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the...

Tenable Nessus•added 2022/02/19 12:0 a.m.•50 views

SUSE SLES11 Security Update : strongswan (SUSE-SU-2022:14887-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14887-1 advisory. - In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on G...

9.1CVSS6.8AI score0.336EPSS

Exploits1References12

OpenVAS•added 2022/02/01 12:0 a.m.•16 views

strongSwan 4.1.2 < 5.9.5 Early EAP-Success Messages Vulnerability

strongSwan is prone to an incorrect handling of early EAP-Success messages vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...

9.1CVSS9.2AI score0.00111EPSS

OSV•added 2022/01/31 8:15 a.m.•19 views

CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...

9.1CVSS6.9AI score

NVD•added 2022/01/31 8:15 a.m.•20 views

CVE-2021-45079

9.1CVSS0.00111EPSS

OSV•added 2022/01/31 8:15 a.m.•1 views

ALPINE-CVE-2021-45079

9.1CVSS7.1AI score0.00111EPSS

Prion•added 2022/01/31 8:15 a.m.•28 views

Authentication flaw

5.8CVSS9.1AI score0.00111EPSS

Exploits0References1Affected Software5

CVE•added 2022/01/31 7:15 a.m.•138 views

CVE-2021-45079

Summary: CVE-2021-45079 affects strongSwan prior to 5.9.5. A malicious responder can send an EAP-Success message before proper authentication, and in EAP methods with mutual authentication and EAP-only authentication for IKEv2, potentially bypassing server authentication. What is affected: strong...

9.1CVSS9.1AI score0.00111EPSS

Exploits0References1Affected Software1

Debian CVE•added 2022/01/31 7:15 a.m.•34 views

CVE-2021-45079

9.1CVSS8.3AI score0.00111EPSS

Exploits0

AlpineLinux•added 2022/01/31 7:15 a.m.•42 views

CVE-2021-45079

9.1CVSS9.5AI score0.00111EPSS

Exploits0

Cvelist•added 2022/01/31 7:15 a.m.•25 views

CVE-2021-45079

9.5AI score0.00111EPSS

Tenable Nessus•added 2022/01/31 12:0 a.m.•42 views

Debian DSA-5056-1 : strongswan - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5056 advisory. Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even...

Tenable Nessus•added 2022/01/30 12:0 a.m.•78 views

Exploits0References6

FreeBSD : strongswan - Incorrect Handling of Early EAP-Success Messages (ccaea96b-7dcd-11ec-93df-00224d821998)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ccaea96b-7dcd-11ec-93df-00224d821998 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without...

Tenable Nessus•added 2022/01/28 12:0 a.m.•28 views

Exploits0References3

SUSE SLES15 Security Update : strongswan (SUSE-SU-2022:0211-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0211-1 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and...