Lucene search
K

303 matches found

Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.6 views

PT-2024-8869 · Brocade · Brocade X7 +6

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.0c Brocade Fabric OS versions 9.2.1 through 9.2.1a Description: The issue is related to a command injection vulnerability in the IPSEC component of Brocade Fabric OS, which could allow a local...

8.5CVSS7.6AI score0.00626EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/05 1:22 a.m.4 views

kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...

5.5CVSS6.4AI score0.00239EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/05 12:54 a.m.4 views

kernel: bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

5.5CVSS6.4AI score0.00239EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/25 12:0 a.m.15 views

F5 Networks BIG-IP : libarchive vulnerability (K000148259)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the K000148259 advisory. CVE-2016-10350The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive...

5.5CVSS6.5AI score0.01699EPSS
Exploits0References3
OSV
OSV
added 2024/09/11 4:15 p.m.2 views

DEBIAN-CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

5.5CVSS5AI score0.00183EPSS
Exploits0References1
OSV
OSV
added 2024/09/11 4:15 p.m.2 views

UBUNTU-CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

5.5CVSS6.5AI score0.00183EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-38542 · Phoenix Contact · Phoenix Contact Fl Mguard

Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL MGUARD versions affected versions not specified Description: An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the...

5.3CVSS7.2AI score0.00481EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.8 views

PT-2024-32106

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0-rc4+ Description The issue is related to the Linux kernel's bonding driver, where the ipsec lock is changed from a spin lock to a mutex. This change is necessary because the xdo dev state add and xdo dev...

5.5CVSS5.5AI score0.00168EPSS
Exploits0
OSV
OSV
added 2024/07/11 5:15 p.m.3 views

CVE-2024-39545

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon iked of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec...

8.7CVSS5.8AI score0.00491EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/04 12:32 p.m.3 views

SUSE CVE-2023-28840

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which i...

7.5CVSS7.5AI score0.02733EPSS
Exploits1References14
CNVD
CNVD
added 2024/05/10 12:0 a.m.6 views

F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability (CNVD-2024-22215)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

6.1CVSS6.1AI score0.00314EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/05/03 2:9 a.m.2 views

SUSE CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

5.5CVSS6.3AI score0.00227EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.7 views

PT-2024-2885 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S9 Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S7 Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S5 Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S4 Juniper...

7.1CVSS7.3AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.1 views

PT-2024-2932 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure affected versions not specified Description: A heap overflow vulnerability in the IPSec component allows an unauthenticated malicious user to send specially crafted requests...

9.8CVSS6.7AI score0.18987EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.4 views

PT-2024-2931 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: The issue is related to an XML entity expansion or XEE vulnerability in the SAML component, allowing an unauthenticated attacker to se...

9.8CVSS6.8AI score0.18987EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.8 views

The vulnerability of the IPSec components of Ivanti Connect Secure and Ivanti Policy Secure network access control tools allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the IPSec components of Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to the possibility of buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to trigger service failures or execute arbitrary code by...

9CVSS7.6AI score0.18987EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.3 views

PT-2024-2564 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure allows an unauthenticated...

9.8CVSS7.1AI score0.18987EPSS
Exploits0References50
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.2 views

PT-2024-22610

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.13.13 Cilium versions prior to 1.14.9 Cilium versions prior to 1.15.3 Description: Cilium, a networking, observability, and security solution with an eBPF-based dataplane, has a vulnerability in its IPsec transparen...

8CVSS7.7AI score0.00172EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.5 views

PT-2024-19388 · Sonicos · Sonicos

Name of the Vulnerable Software and Affected Versions: SonicOS affected versions not specified Description: The issue is an Integer-based buffer overflow vulnerability in SonicOS via IPSec. A remote attacker, under specific conditions, can cause Denial of Service DoS and potentially execute...

5.3CVSS8.3AI score0.01122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/08 12:0 a.m.6 views

PT-2024-21595

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc4+ Description A vulnerability in the Linux kernel has been resolved, related to the handling of pages from page pool in the esp output function. When the skb is reorganized during esp output, the pages...

5.5CVSS5.3AI score0.00227EPSS
Exploits0
Rows per page
Query Builder